.Gov Site Seeded with Malware Again

The sites Sunbelt has seen seeded with malware include those for the U.S. Virgin Islands Housing Authority and for cities such as Plainsville or Sansford, Kansas. The list is extensive. The problem is, Eckelberry told eWEEK, that in many cases these organizations have tight resources and are forced to outsource site hosting to a hosting provider.

"The fundamental problem is there are real small shops" out there that are running sites, Eckelberry said. "There was a nice old lady [responsible for a site in Texas]. We said, 'You have porn on your system.' She was so sweet. She said, 'Oh yes, we've heard about that.' They have no idea [of the severity of the issue]."

The problem is, when small IT shops outsource to third-party providers, security can crack in many places: some of the errors are due to the sites' creators, and some errors are due to the hosting provider.

The errors Sunbelt sees on compromised sites most frequently include: stolen FTP credentials; unpatched (usually open-source) software, including poorly maintained LAMP stacks; the increasing use of collaborative, "Web 2.0" type software (wikis, tikis, etc.); DNS hacks; poorly written ASP code; sloppy PHP work; and SQL hacks.

"We believe in many, many places it's the fault of the hosting provider," Eckelberry said, although with problems such as poorly written ASP code, the buck would have to stop squarely on the desks of the sites' owners.

"This is a problem that leaves you scratching your head: Why do these problems persist?" Ferguson said. "We're talking about the Transportation Authority of Marin County. It's these small county government sites; their IT budgets are probably chickenfeed."

At this point, the whole framework in which .gov is set up probably needs to be re-examined, Ferguson said, given the large scale on which security researchers are seeing .gov sites poisoned.

"I've said it before: you hire a third-party person to come in and put up a Web site and then he goes on his way; those days are long gone. All these platforms are not being maintained properly, and they're ripe for the pickings. People need to do due diligence in maintaining their Web infrastructure."

After all, Ferguson said, citizens, or customers of smaller businesses, are in danger. "People are jumping on a site for checking a bus schedule or the schedule for community meetings, and in process people" are getting hurt by malware attacks, he said.

Ferguson pointed to an updated set of guidelines from NIST on securing public Web servers as a good place to start to avoid situations like the recurrent problems of the TAM site.

A certain percentage of those hosting providers are increasingly asleep at the wheel, however. One provider that security researchers preferred to keep unnamed was exhibiting signs of DNS hacking as far back as September. Researchers can sniff out DNS attacks pretty easily: A mysterious subdomain will have been inserted into a URL, giving researchers the heads-up that a separate DNS entry has been created.
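
The subdomain check described above can be run by a site owner against their own records. The following is an added example, not code from the article or from the researchers quoted: it compares hostnames seen in crawled or logged URLs against an inventory of the DNS names the owner actually created. The zone `transit.example`, the inventory and the URLs are constructed placeholders.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample data: the zone, inventory and URLs are placeholders.
ZONE = "transit.example"
KNOWN_HOSTS = {"transit.example", "www.transit.example", "mail.transit.example"}
OBSERVED_URLS = [
    "http://www.transit.example/schedules/bus.html",
    "http://WWW.Transit.example:80/meetings/",
    "http://qx7.transit.example/index.php?id=12",
    "http://qx7.transit.example./free-scan/",
    "http://promo.cdn.transit.example/a.html",
    "http://nottransit.example/",              # different domain, out of scope
    "http://transit.example.other.test/",      # zone name used as a prefix, out of scope
    "not a url",
]


def normalize_host(url):
    """Return the lowercased hostname without port or trailing dot, or None."""
    try:
        host = urlsplit(url).hostname
    except ValueError:
        return None
    return host.rstrip(".").lower() if host else None


def in_zone(host, zone):
    """True only for the zone apex or a label-aligned subdomain of it."""
    return host == zone or host.endswith("." + zone)


def unexpected_hosts(urls, zone, known_hosts):
    """Map each in-zone hostname missing from the inventory to the URLs using it."""
    known = {h.rstrip(".").lower() for h in known_hosts}
    findings = defaultdict(list)
    for url in urls:
        host = normalize_host(url)
        if host and in_zone(host, zone) and host not in known:
            findings[host].append(url)
    return dict(findings)


if __name__ == "__main__":
    hits = unexpected_hosts(OBSERVED_URLS, ZONE, KNOWN_HOSTS)
    for host, urls in sorted(hits.items()):
        print(f"{host}: {len(urls)} URL(s), e.g. {urls[0]}")
```

Any hostname it reports is a DNS entry the owner should be able to account for; one they cannot explain is a reason to review the zone file and the hosting provider's DNS control panel access.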