
Forbes Website Was Hacked in Targeted Attack on Its Visitors

With splash pages which subject new website visitors to a "Thought of the Day", Forbes has one of the more annoying ad policies of the major news sites. And now hackers have found a way to make it even worse.

The WSJ reports that late last year hackers believed to be based in China had used the Forbes website as a conduit in their attack on a defense contractor. For several days following Thanksgiving, the hackers subverted Forbes servers and used the "Thought of the Day" ad page to deliver malware to a select group of targeted computers.

Internet Explorer users were targeted in what is believed to be an attack on defense contractors:

Invincea said it responded to a hacking incident at a defense contractor in late November, and traced the malware to employees visiting Forbes. Working with iSight, which has close ties to official Washington, the two firms also found evidence of malware from the Forbes site on computers in the American financial services sector.

The links to China are indirect. ISight says it has linked the Forbes hack to the malware and tactics used in a string of intrusions at defense contractors, a Hong Kong think tank and the Nobel Peace Prize website shortly after the award went to a Chinese dissident in 2010.

Luckily the hackers were not interested in infecting everyone, but that doesn’t change the fact that they were still able to use weak security on the Forbes website and a previously unknown Adobe Flash security hole to potentially infect millions of computers.

That Flash security hole, in case you were wondering, was patched in January. Update: Conflicting reports say that it was patched in early December.


Forbes said it counted more than 31 million website visitors in November, and given that IE is still one of the leading web browsers, the potential impact was measured in the millions.

To be fair to Forbes, this is honestly nothing new. Hackers have long used compromised websites to spread malware and attack more computers. Historically, this is an older problem than the rising issue of malware-infested ad networks.

But even though this isn’t new, it’s still a reminder that when browsing online, security is paramount. And that’s why I use an ad blocker, among other security measures.

Images by Kris Krug, aag_photos

Comments


Forbes is Blocking Ad-Blockers | The Digital Reader January 5, 2016 at 10:56 pm

[…] malware to unsuspecting readers. That was the second time this year that Forbes was hacked and used as an unwitting tool to distribute malware, so I'm sure you can understand why we don't want to turn off our ad-blocking […]

