Anna is the director of a small kindergarten in Zurich. To give the kindergarten a home on the Internet, she registered a domain name and put up a website where parents can get up-to-date information about the kindergarten. A friend helped her to install a popular open-source content management system (CMS) for the website, so that she can change the menu every week and perform other updates herself. The parents of the kids were delighted to have access to this information online.
Three months after the website went online, one of the parents called her, telling her that the website was no longer available, and a warning was displayed instead. He also told her that he had a virus on his home PC and had to reinstall his operating system and change all his Internet passwords. When she talked to other parents that day, they told her the same.
What happened?
It turned out that the kindergarten’s website had been compromised by criminals. The hackers injected small pieces of code into the website that were invisible to visitors but installed malicious software on their home PCs. This malicious software, or virus, gives the attackers full control over the victim’s PC, including their e-banking sessions, and steals sensitive information like credit card data and passwords. Cleaning up all infected PCs, resetting all passwords used on the Internet and getting new credit cards was quite expensive for the parents, but Anna also had to shut down the website and clean it with help from an expensive security expert.
He told her that the criminals had used a vulnerability in the CMS that was discovered and publicly announced four weeks before. CMSs, like home PCs, need updates installed regularly to remain safe. Anna failed to take account of this when she installed the CMS with her friend’s help. Fortunately, Anna’s web hosting provider also offers a managed CMS that it maintains and updates regularly with security patches, so she moved the website to that CMS. A lot of time and money had to be spent fixing the damage to the website and visitors’ home PCs.
Unfortunately, cases like this are quite common these days, and distribution via compromised websites – known as a “drive-by” infection – is one of the main ways of spreading malicious software today. Some 2,000 Swiss websites were cleaned last year after SWITCH informed their owners that they had been compromised.
To prevent infections via websites and to ensure the Internet remains a safe place, SWITCH has created a website to inform domain holders and website owners about the risks of running a website. The site at https://www.switch.ch/saferinternet/ explains why criminals like to use your website for drive-by, phishing and other criminal activities. It explains how these criminal techniques work, how you can detect them, and what to do to prevent them from happening. If you are already running a website or plan to set one up in the future, take a look at our brief introduction and make sure you follow the five tips to keep your website safe.
https://www.switch.ch/saferinternet/
SWITCH Security-Blog 