Virgin's embarrassing weekend - website auditing software and trojans?

Douglas dougtechie at tiscali.co.uk
Wed Apr 7 20:07:45 EDT 2010


OK, the subject got your attention. (or perhaps it just put this 
straight into your spam or trash?)

Honest, it's not quite what you think! It is quite a long story, but it 
DOES have something to do with using RunRev - please bear with me.

Britain's biggest cable network supplier VirginMedia had a little 
problem last weekend, but they don't want anyone to know.

Last Friday (2nd April) I discovered their website (virginmedia.com) was 
littered in scripts that would start a malware trojan download on to 
users computers.
I put in a report through their "security" system and expected it to be 
looked into quite quickly.
Then, 5 hours later, as nothing at all had happened on site and users 
were presumably still getting infected I put a 2nd report.
Then the next morning a 3rd report.
Finally, I started informing the anti-virus companies in the hope that 
they would force Virgin into action.

I managed to get the warning systems for the Firefox and Safari browsers 
which use Google info for blocking bad sites to block parts of the site 
after getting Google to scan the site.
See the Google report at 
http://google.com/safebrowsing/diagnostic?tpl=safari&site=help.virginmedia.com&hl=en-us
- out of the pages scanned, 18 had bad scripts!
I then sent a 4th report to virgin "security" stating that I had to go 
to the community due to their inaction.
A few hours later, "closed for maintenance" notices started to go up on 
large bits of the site.

It took virgin "security" 5 days to reply to my reports! (After the site 
has now been cleaned and the bad pages rewritten.)
I am now in the process of discussing security with the "security" team. 
- possibly lucrative?

Obviously, VirginMedia do not use any form of auditing software on their 
website or they would have known that the infected pages had a different 
checksum than the last time they were checked.

I realise that there must be some form of proper auditing software 
available for exactly this purpose.
There are obviously complexities involved to allow for authorised 
editing, adverts etc., but the basic framework would be fairly simple 
wouldn't it?
I don't want to start working on this if it has already been done a 
thousand times already!

Hence the reason for this post - has anyone already done a similar app 
that you know of?

Douglas

ps. McAfee were rubbish, even having reported this to them and the fact 
that their anti virus/malware system allowed the malware/trojan to 
infect PC's. I sent them the URLs of infected pages, signed up as 
a"SiteAdvisor" and reported the site.
They STILL reported the site as safe all the way through on their 
siteadvisor.com!






More information about the Use-livecode mailing list