BusinessWeek.com attacked by hackers

BusinessWeek’s website has fallen under attack by hackers. Security vendor Sophos discovered the attack last week. Hundreds of pages of the popular site have been infected with malicious Javascript that redirects users to a Russian website that attempts to download malware to their computers. While some of the download attempts are being detected by malware blockers, many more are slipping through easily. The stats compiled by Google’s Safe Browsing API are alarming:

Of the 2157 pages we tested on the site over the past 90 days, 214 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 09/15/2008, and the last time suspicious content was found on this site was on 09/11/2008. Malicious software includes 721 scripting exploit(s), 4 trojan(s), 3 exploit(s). Successful infection resulted in an average of 2 new processes on the target machine.

Hijacking legit sites for malware attacks is nothing new. In the past USA Today, Facebook, MySpace, and others have been used by hackers for malware delivery. Experts estimate that at least 70% of all web based malware is hosted on legit sites. It is not yet known how many BusinessWeek.com visitors were caught in the attack and infected, and the site has had no comment.

Keep reading for safety tips on how you can avoid malware.