GoDaddy.com Inc, a web domain registrar that also provides web-hosting and Internet security services, says it “quickly” removed malicious software code that had infected approximately 445 of its clients’ web sites last week.
On Sept. 14, Go Daddy’s Internet security team detected that hackers had compromised client sites, the company says. Hackers had used the usernames and passwords of Go Daddy account holders to enter the protected areas of their web sites, then installed software code that redirected visitors to a fraudulent web site designed to capture consumer account information, says Todd Redfoot, Go Daddy’s chief information security officer. “We quickly removed the malicious code, reset the impacted account passwords and alerted our customers,” he says. “We found no evidence this was an infrastructure breakdown, and the incident did not impact additional customers.”
Go Daddy did not say how many of the infected sites were retail sites.
Avivah Litan, an analyst at Gartner Inc. who specializes in Internet security, says such criminal attempts to redirect web site users to illegitimate sites designed to steal account information are among the most troubling types of fraud for online retailers. “This is one of the worst things that can happen to an online merchant,” she says. Litan advises retailers to ensure they have high-level SSL certificates that let site visitors know when they’re on a legitimate web site. Some high-level certificates, for example, are designed to turn the URL window to a green color to clearly mark the site as safe, she adds.
Tom Donlea, managing director for the Americas for the Merchant Risk Council, an organization that promotes Internet security among online retailers, says retailers should consult with their Internet service providers and Internet security firms to provide multiple layers of web site security, including systems that check for unusually high order volume and order value among client accounts.
“A lot of merchants are just praying and hoping these problems of infected sites won’t happen to them,” Donlea says. “Their challenge is to find the right level of fraud prevention.”
Redfoot adds that web site operators should use effective passwords. “While we always encourage strong passwords, it’s also very important to not use the same password on multiple accounts,” he says.
Go Daddy did not comment on how hackers might have acquired its clients’ account usernames and passwords, though security experts say a common method would be to use phishing and pharming attacks designed to trick people into revealing such information. Phishing is usually done in the form of e-mail messages, which appear to come from legitimate companies but lure recipients to pharming sites made to appear like legitimate web sites. Once on those sites, consumers are directed to update their account information, providing a way for criminals to capture their personal data.
Julie Fergerson, a co-founder of the Merchant Risk Council who is vice president of emerging technologies at Internet security firm Ethoca, says she has seen a sharp increase in the number of attacks on web sites this year. “Since March, I have never seen the pace of attacks that are happening now,” she says. One apparent reason, she adds, is that malicious software code designed to compromise web sites is now easily available for downloading from an underground network of criminal web sites.