[WASC-WHID] WHID 2011-37: Nasdaq admits hackers planted malware on web portal

WASC Web Hacking Incidents Database wasc-whid at lists.webappsec.org
Fri Apr 15 13:09:17 EDT 2011


Entry Title: WHID 2011-37: Nasdaq admits hackers planted malware on web
portal
WHID ID: 2011-37
Date Occurred: February 7, 2011
Attack Method: SQL Injection
Application Weakness: Improper Input Handling
Outcome: Planting of Malware
Attacked Entity Field: Finance
Attacked Entity Geography: USA
Incident Description: Nasdaq admitted on Saturday that unidentified hackers
had succeeded in planting malware on one of its portals.
The US stock exchange is keen to stress that trading systems were not
affected by suspicious files found on Directors Desk, a web-based dashboard
application used by an estimated 10,000 execs worldwide. In a statement,
Nasdaq said that there was no evidence that customer information had been
exposed by breach.
It adds that it is likely that the Directors Desk hack was designed to plant
malware on the systems of users via drive-by-download attacks.
Mass Attack: No
Reference: http://www.theregister.co.uk/2011/02/07/nasdaq_malware_breach/
Attack Source Geography:


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/wasc-whid_lists.webappsec.org/attachments/20110415/6883c477/attachment-0003.html>


More information about the wasc-whid mailing list