Virgin's embarrassing weekend - website auditing software and trojans?
jerry.daniels at me.com
Wed Apr 7 19:12:05 CDT 2010
Good work, Douglas!
On Apr 7, 2010, at 7:07 PM, Douglas <dougtechie at tiscali.co.uk> wrote:
> OK, the subject got your attention. (or perhaps it just put this straight into your spam or trash?)
> Honest, it's not quite what you think! It is quite a long story, but it DOES have something to do with using RunRev - please bear with me.
> Britain's biggest cable network supplier VirginMedia had a little problem last weekend, but they don't want anyone to know.
> Last Friday (2nd April) I discovered their website (virginmedia.com) was littered with scripts that would start a malware trojan download onto users' computers.
> I put in a report through their "security" system and expected it to be looked into quite quickly.
> Then, 5 hours later, as nothing at all had happened on site and users were presumably still getting infected, I put in a 2nd report.
> Then the next morning a 3rd report.
> Finally, I started informing the anti-virus companies in the hope that they would force Virgin into action.
> I managed to get the warning systems for the Firefox and Safari browsers which use Google info for blocking bad sites to block parts of the site after getting Google to scan the site.
> See the Google report at http://google.com/safebrowsing/diagnostic?tpl=safari&site=help.virginmedia.com&hl=en-us
> - out of the pages scanned, 18 had bad scripts!
> I then sent a 4th report to virgin "security" stating that I had to go to the community due to their inaction.
> A few hours later, "closed for maintenance" notices started to go up on large bits of the site.
> It took virgin "security" 5 days to reply to my reports! (After the site has now been cleaned and the bad pages rewritten.)
> I am now in the process of discussing security with the "security" team. - possibly lucrative?
> Obviously, VirginMedia do not use any form of auditing software on their website or they would have known that the infected pages had a different checksum than the last time they were checked.
> I realise that there must be some form of proper auditing software available for exactly this purpose.
> There are obviously complexities involved to allow for authorised editing, adverts etc., but the basic framework would be fairly simple wouldn't it?
> I don't want to start working on this if it has already been done a thousand times already!
> Hence the reason for this post - has anyone already done a similar app that you know of?
> ps. McAfee were rubbish, even having reported this to them and the fact that their anti virus/malware system allowed the malware/trojan to infect PCs. I sent them the URLs of infected pages, signed up as a "SiteAdvisor" and reported the site.
> They STILL reported the site as safe all the way through on their siteadvisor.com!
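The checksum audit described in the quoted message, as an added Python example that is not from either poster and is not RunRev code: it hashes every file under a web root, compares the result with a stored baseline, lets an authorised edit be approved into the baseline, and skips an excluded advert directory. The function names, the `ads/` exclusion and the sample files are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def snapshot(root, exclude=()):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    digests = {}
    for path in sorted(Path(root).rglob("*")):
        rel = path.relative_to(root).as_posix()
        # Skip directories and anything under an excluded prefix (e.g. adverts).
        if path.is_file() and not any(rel.startswith(p) for p in exclude):
            digests[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests

def audit(baseline, current):
    """Compare two snapshots; report modified, added and removed paths."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
    }

def approve(baseline, current, paths):
    """Authorised edit: accept the current digest for the named paths only."""
    updated = dict(baseline)
    for p in paths:
        if p in current:
            updated[p] = current[p]
        else:
            updated.pop(p, None)  # an approved deletion leaves the baseline
    return updated

def demo():
    # Constructed site tree, built in a temporary directory.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "ads").mkdir()
        (root / "index.html").write_text("<h1>Home</h1>")
        (root / "help.html").write_text("<h1>Help</h1>")
        (root / "ads" / "banner.html").write_text("ad 1")
        skip = ("ads/",)
        baseline = snapshot(root, skip)
        # An authorised content change, approved into the baseline.
        (root / "index.html").write_text("<h1>Home v2</h1>")
        baseline = approve(baseline, snapshot(root, skip), ["index.html"])
        # Changes nobody approved: an extra script tag and a new file.
        (root / "help.html").write_text("<h1>Help</h1><script src='//placeholder.invalid/x.js'></script>")
        (root / "extra.js").write_text("// unexpected file")
        (root / "ads" / "banner.html").write_text("ad 2")  # excluded: rotates freely
        return audit(baseline, snapshot(root, skip))
```

The baseline has to be stored somewhere the web server cannot write to, otherwise whoever alters the pages can alter the recorded digests as well.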