Hackers infect BusinessWeek website via SQL Injection attack

Graham Cluley
Graham Cluley
@

 @grahamcluley.com
 @[email protected]

Sophos experts have discovered that the website of BusinessWeek, the world famous weekly magazine, has been attacked by hackers in an attempt to infect the readership with malware.

Hundreds of pages on a part of BusinessWeek’s website which offers information about where MBA students might find future employers have been struck by the SQL Injection attack – where a security vulnerability is exploited in order to insert malicious code into the site’s underlying database.

It’s worrying when any site suffers from a malicious SQL Injection attack, but when it’s also one of the 1000 busiest websites on the internet the stakes are even higher. The potentially large number of people visiting the site and accessing information to assist their careers may be putting their finances or personal data in jeopardy if they are not properly protected.

As we reported in our recent Security Threat Report, over 16,000 new infected webpages are discovered every single day. That’s one every five seconds – three times faster than the rate we saw during 2007.

Sign up to our free newsletter.
Security news, advice, and tips.

View the following video to get more information (and – of course – feel free to embed it on your own websites if you like):

[vimeo=http://vimeo.com/2445652]

At the time of writing, the code injected into BusinessWeek’s website points to a website that is currently down and not delivering further malicious code. However, it’s worth bearing in mind that it’s status could potentially change at any time. Sophos informed BusinessWeek of the infection last week, although at the time of writing the hackers’ scripts are still present.

BusinessWeek, and the many other firms hit by SQL Injection attacks need to move fast to not only remove the malicious scripts, but also to ensure that they do not get infected again. Companies whose websites have been struck by such an attack often clean-up their database, only to be infected again a few hours later.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky, Mastodon, and Threads, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.