31 Jul 08 Virus attacks on ALA web servers

Some time in the past few days (this started between  7/20/08 and 07/30/2008), several of our web servers began to show signs of a virus attack.  The attack attempted to use our website to push visitors to verynx.cn, a known attack website in China.  If successful, the attack would execute malicious java script to download more hostile software to the visitor’s PC.  This represents a newer form of attack, attempting to use a trusted source (in this case ALA), to refer web visitors to a hostile site.

We have located the malicious code that the virus inserted into some of our forms databases, and have removed it.  We have also installed a new filter system on our two outward-facing Collage web servers, and are in the process of fine-tuning its performance.  This new filter should block any further attacks of this kind, which will give us the breathing room to take other measures to prevent more attacks in the future.  If you experience any odd behavior related to online forms, please send a report to helpdesk@ala.org with as much detail as you can provide.

We will keep you updated by email and the ITTS Update blog as events require.

Tags: ALA web, virus