Audi Taiwan’s official Web site has been hacked
It looks like Asus is not the only site in Taiwan to be hacked and dangerous code inserted on it’s Web pages.
Websense reports that Audi’s official Taiwan site has also been hacked:
http://www.websense.com/securitylabs/alerts/alert.php?AlertID=776
As of 30 seconds ago the site was still dangerous – the iframe code pointing to misofthelp.com was still there.
I and other security focused MVPs have been warning about the dangers of hacked Web sites for a long time. The problem is finally hitting the popular press. For example, several sites have picked up on a blog entry by Stopbadware.org which recently identified five web hosting companies with the largest number of infected sites residing on their servers:
http://blogs.stopbadware.org/articles/2007/05/04/stopbadware-identifies-hosting-providers-of-larged-numbers-of-sites-in-badware-website-clearinghouse
As a result of the publicity generated by Stopbadware’s report several of the highlighted providers are now working with Stopbadware to clean up the compromised Web sites:
http://blogs.stopbadware.org/articles/2007/05/11/hosting-providers-taking-action-against-badware
Unfortunately, reality is that unless and until these providers work out *how* the sites that they host are being compromised, and address the problems, sites will continue to be hacked. Are the providers failing to install security updates? Are they running old, vulnerable versions of their software? Are they failing to enforce strong passwords/passphrases? A combination of all?
Hosting providers have a responsibility to ensure that they provide the best possible security for their clients because once the bad guys get in, those bad guys have access to hundreds, if not thousands, of Web sites with which to spread their dangerous wares – the crooks get the maximum effect for minimum effort.