Computer Associates website hacked: routes visitors to Chinese malware site

Computer Associates has not issued a statement on the hack, but newswire reports suggest that parts of the press section of its Ca.com portal were rerouting visitors to the uc8010.com domain, which has been hosting malware since last month. Brian Chess, Fortify’s founder and chief scientist, says that the attack vector appears to be similar to a site hack of the Dolphin Stadium Web portal of early last year, with Javascript routines inserted into the body of the relevant pages. “Unconfirmed reports suggest that the press section of the Ca.com portal is hosted by a third party organisation, but this makes no difference to the visitors, who were being redirected to a malware site in China,” he says. According to Chess, this kind of hack isn’t just about embarrassment. “Breaches like these are being perpetrated by criminals being paid to install malware on personal computers. Viruses aren’t spread on floppy disks any more – the corporate website has become a leading vector for getting malicious code past the firewall. “Sure it’s embarrassing, but more importantly it’s a perfect example of how criminals are leveraging the trust people have in a brand like CA’s to gain control of their computers,” he adds.