
19 Aug 08 Attack on ALA Web Servers


Yesterday, our Collage web servers began to show signs of another injection attack. The attack was similar to the last one: it attempted to use our website to push visitors to a known attack website in China. If successful, the attack would execute malicious JavaScript to download more hostile software to the visitor’s PC. This represents a newer form of attack, attempting to use a trusted source (in this case ALA) to refer web visitors to a hostile site. We have identified a number of other external websites that were attacked by the same method.

We have located the malicious code that the attack inserted into some of our forms databases, and have removed it. We have also added more rules to our filtering system on our two outward-facing Collage web servers to prevent this attack from occurring again. If you experience any odd behavior related to online forms, please send a report to helpdesk@ala.org with as much detail as you can provide.

We will keep you updated by email and the ITTS Update blog as events require.

