infosec-news January 2011 archive
Main Archive Page > Month Archives  > infosec-news archives
infosec-news: [ISN] Hacker Code Lingered on Home Depot Website

[ISN] Hacker Code Lingered on Home Depot Website

From: InfoSec News <alerts_at_nospam>
Date: Wed Jan 12 2011 - 08:34:20 GMT
To: isn@infosecnews.org

http://www.foxnews.com/scitech/2011/01/11/home-depot-website-compromised/

By Jeremy A. Kaplan
FoxNews.com
January 11, 2011

The website for do-it-yourself giant Home Depot has been … well,
screwed.

An IT analyst has uncovered the lingering remnants of a 2009 breach of
security on the website of the major retailer: secret code hidden on the
website that redirected the user's browser to a site that served up
malware.

"Somebody managed to deface the site and inject that code, so that
anyone visiting the site would have loaded the malicious code from this
other site," explained Mike Menefee, founder of security website Infosec
Island, which discovered the hack.

He stressed that HomeDepot.com isn't presently a threat, nor has it been
for quite a while. Experts told FoxNews.com that the hack was discovered
by someone and disabled -- and that's the mysterious part of the whole
thing. Who leaves malicious code lying in wait -- dormant, disabled and
inactive on their site?

[...]

___________________________________________________________
Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery
Network, Cisco Switches, SAS 70 Type II Datacenter.
Find peace of mind, Defend your Critical Infrastructure.
http://www.tegataiphoenix.com/