ninemsn was compromised, says Websense


Security technology company Websense this week claimed that one of Australia’s most highly trafficked websites, ninemsn, had been compromised by an outside party and injected with “malicious code”, although the problem area has now been removed from the site.

In a statement on its site, Websense said the code was “hidden deep within” ninemsn’s advertisement engine and was served on request. The security company claimed the code could be identified as part of the Gumblar virus, which first appeared in 2009.

Ninemsn – which operates as a joint venture between PBL Media and Microsoft – is one of the largest sites in Australia, with a claimed audience of over 9.7 million people (as at July 2009) visiting the site each month. That figure, according to the site, represents 69 percent of Australia’s “active internet audience”.

Websense said the injected code led to a site that had also been compromised by Gumblar, and that it was specifically hidden within the banner advertisement script for the Women’s Weekly publication.

“At this time, the malicious code isn’t available or reachable, but this could change at any time,” Websense said. “An interesting implication is that this ad can be dynamically served on multiple web pages within ninemsn. This is unlike a typical injection where web sites are compromised in a single static page; in this case, the infected banner ad can be pulled to various locations within the site, serving its malicious purpose silently.”

Ninemsn has not yet responded to an emailed request for comment on the issue, but Websense said it had contacted Microsoft after discovering the attack. “The ad banner has now been removed from the ninemsn support site,” the security firm said.

The news comes as online infrastructure has come under increasing attack in Australia through various avenues. For example, the loose coalition of individuals known only as “Anonymous” spent part of last week attacking Federal Government web sites as part of a distributed denial of service attack to protest the proposed internet filtering initiative.