Trend Micro's Web site hacked in massive attack

In an embarrassing event, security vendor Trend Micro is the target of an attack that affected 20,000 Web pages.

Security vendor Trend Micro's Web site was hacked earlier this week in an attack that spread to hundreds of other sites, according to an InfoWorld report.

The malicious code tries to embed software that steals passwords from users as they visit Web sites, according to the report.

Trend Micro discovered the attack on Wednesday and took steps to shut it down. It affected about 20,000 Web pages written with Microsoft's Active Server Pages Web development software. According to Trend Micro:

(A similar previous) attack seems to have started more than a week ago, and nearly 200,000 Web pages have been found to be compromised, most of which are running phpBB. This contrasts (Wednesday's) attack in that the vast majority of those were active server pages (.ASP). The ASP attacks are different than the phpBB ones in that the payload and method are quite different. Various exploits are used in the ASP attacks, where the phpBB ones rely on social engineering. phpBB mass hacks have occurred in the past, including those done by the Perl/Santy.worm back in 2004.

Trend Micro also provided a video demonstration of what the attack looks like from the end user's perspective.

About the author

Martin LaMonica is a senior writer covering green tech and cutting-edge technologies. He joined CNET in 2002 to cover enterprise IT and Web development and was previously executive editor of IT publication InfoWorld.

 

Join the discussion

Conversation powered by Livefyre

Show Comments Hide Comments
Latest Galleries from CNET
Nissan gives new Murano bold style (pictures)
Top great space moments in 2014 (pictures)
This is it: The Audiophiliac's top in-ear headphones of 2014 (pictures)
ZTE's wallet-friendly Grand X (pictures)
Lenovo reprises clever design for the Yoga Tablet 2 (Pictures)
Top-rated reviews of the week (pictures)