Two cybersecurity firms claim that Microsoft Internet Explorer users who read the Forbes website just after Thanksgiving were at risk.
The Forbes site was compromised from November 28 to December 1, according to iSight Partners and Invincea. The firms claim that hackers with possible links to China had taken over the Forbes “Thought of the Day” widget, and used it to install malware on readers’ machines. The number of potential victims is not yet known, writes Danny Yadron of the Wall Street Journal.
Mass malware infection unlikely
Forbes acknowledged the incident for the first time on Tuesday, but was made aware of the hack on December 1 and took appropriate measures to end the threat. Forbes.com had more than 31 million visitors in November, and comes in at 62nd on the list of most popular websites in the U.S. Microsoft’s Internet Explorer is used by around half of global internet users.
Taking those figures into account, we can see that millions of people were at risk, but cybersecurity experts believe that the hackers were only really interested in selected individuals.
An Invincea investigation into a cyber attack at a defense contractor revealed that the malware could be traced to employees visiting the Forbes website. The firm then worked in conjunction with iSight and detected evidence of the same malware on computers in the U.S. financial services sector.
Any links to China are yet to be proven beyond reasonable doubt, but the malware and tactics are similar to previous attacks on defense contractors, a think tank based in Hong Kong and the Nobel Peace Prize website, which suffered an attack after Chinese dissident Liu Xiaobo was awarded a prize in 2010.
High value targets
If you are an average Internet Explorer user who visited Forbes on those dates, the security firms claim that it is unlikely that you were targeted. “It’s not their M.O. to infect tens of millions of people,” said Stephen Ward of iSight.
Another clue is the fact that the hackers gained access through previously unknown holes in both Adobe Flash and Internet Explorer. Hackers generally only exploit these weaknesses to hack high value targets, because they can easily be fixed once the software company is made aware of the hole.
Both Adobe and Microsoft have since released patches to prevent hackers exploiting the same weaknesses.