Updated The European website of TechCrunch (eu.techcrunch.com), one of the world’s most popular blogs, appears to have fallen victim to hackers, who have planted a malicious script on their site, designed to infect unsuspecting visitors.
TechCrunch Europe posted a message on its Twitter feed earlier today describing warnings about malware being distributed via the site as “annoying”. Perhaps a rather unusual turn of phrase, which might suggest to observers that the warnings were erroneous rather than the result of a serious security problem.
Sophos customers who have already switched on the “Live Protection” in version Sophos Endpoint Security and Data Protection 9.5, are already protected – benefiting from our very latest in-the-cloud technology to defend against the latest threats like this, efficiently and proactively. There’s a lesson here: “If you are using Sophos version 9.5, turn on live protection!” It’s worth it!
Users of some web browsers may also be protected – for instance, here’s a screenshot of Firefox intercepting one of the infected pages on TechCrunch Europe.
The problem appears to have been present on TechCrunch Europe’s website for some time, and yet there’s been no obvious warning to visitors posted on its site nor – seemingly – no attempt to remove the malicious script or block users from visiting the infected pages.
One has to wonder whether malicious hackers are taking advantage of the Labor Day holiday in North America today which may mean that less of TechCrunch’s support team (who might be able to fix this problem) are available today.
SophosLabs have analysed the malware being spread via the infection, which we detect as Troj/Zbot-YP.
Ideally TechCrunch will post a message on its site (on the TechCrunch Europe site, at least) informing users about the incident and advising that they check their PCs with an up-to-date anti-virus. I don’t see any message to that effect yet on that site – but I’m hopeful.
Yes, some firms are embarrassed when their websites become infected – and it’s not the kind of event that we would wish upon anyone. But let’s not forget that TechCrunch is the victim of a criminal act, and although in an ideal world their site would not have been compromised in this way they are not – ultimately – the ones to blame for the wrongdoing.
What they can do, as a responsible member of the internet community, is advise anyone who might have visited the site while it was infected to double-check their computer systems. That’s the kind of behaviour that we would expect of any website that suffered a security problem – and is, indeeed, the kind of behaviour that technology media websites like TechCrunch would expect from others too.
Hat-tip: Thanks to @theharmonyguy who first made me aware of this issue.