Entry Title: WHID 2011-37: Nasdaq admits hackers planted malware on web portal WHID ID: 2011-37 Date Occurred: February 7, 2011 Attack Method: SQL Injection Application Weakness: Improper Input Handling Outcome: Planting of Malware Attacked Entity Field: Finance Attacked Entity Geography: USA Incident Description: Nasdaq admitted on Saturday that unidentified hackers had succeeded in planting malware on one of its portals. The US stock exchange is keen to stress that trading systems were not affected by suspicious files found on Directors Desk, a web-based dashboard application used by an estimated 10,000 execs worldwide. In a statement, Nasdaq said that there was no evidence that customer information had been exposed by breach. It adds that it is likely that the Directors Desk hack was designed to plant malware on the systems of users via drive-by-download attacks. Mass Attack: No Reference: http://www.theregister.co.uk/2011/02/07/nasdaq_malware_breach/ Attack Source Geography: