JB Hi-Fi website hacked to infect PCs

JB Hi-Fi's websites in Australia and New Zealand were redirecting customers to malicious web pages over the weekend in a cyber attack in the lead-up to Christmas.

The exact details of the attack are not yet clear as the retailer has refused to comment but users first started reporting problems on Friday night.

Visitors to jbhifi.com.au reported being automatically redirected to Chinese websites carrying malware. Similar issues affected JB Hi-Fi's New Zealand website, which is hosted on the same server.

Those with anti-virus software and fully patched internet browsers would have been alerted to the security issue upon visiting the page but people without up-to-date protection could be infected without even knowing.

Separately, one of the most popular Australian online communities for computer enthusiasts, Overclockers Australia, has been offline for several days due to technical issues. The site last week asked users to change their passwords due to a security scare.

Users of the Australian broadband discussion forum Whirlpool, and users of the OzBargain.com.au website, reported that, before the site was taken offline, visitors to overclockers.com.au were being redirected to the same malicious page as those who visited jbhifi.com.au.

But it is not yet clear if the attacks are related.

Whirlpool itself had a security scare last week and, like Overclockers, advised users to change their online passwords as some user data could have been compromised.

Whirlpool founder Simon Wright insisted today the attack on his website was not related to the attacks on Overclockers or JB Hi-Fi. However, he refused to go into specifics, saying he did not want to help any potential attackers.

A security consultant, who did not wish to be named, said it appeared that JB Hi-Fi's website was infected after hackers broke into the server used to display ads on the website. That particular server has since been taken down, but it is unclear how many people were affected over the weekend before this occurred.

"Once you compromise the web server you add your own script code to the site to redirect users to wherever you want them to go," the consultant said.

"When people compromise web servers these days they're not defacing them, they're doing it for financial gain."

JB Hi-Fi's marketing director, Scott Browning, said "we don't comment on that type of stuff". JB Hi-Fi chief executive officer Richard Uechtritz did not return calls requesting comment.

Security researchers say cyber criminals are now increasingly targeting legitimate websites as punters become more wary of surfing to unknown parts of the web.

Paul Ducklin, head of technology at Sophos, said one of the most common methods of placing malware on reputable sites was by infiltrating the networks used to sell advertising on the sites, or buying ads on the sites directly.

"Instead of hacking the site directly using a technical attack, they hack the site indirectly by social engineering - for example, by pretending to represent a potential major advertiser, agreeing to terms for a series of paid ads and then injecting the malware into the ads they have 'bought'," he said.

In September, visitors to The New York Times website were infected with malicious content after hackers managed to buy advertising space directly from the newspaper itself.

As a member of Whirlpool said in response to the attacks on Overclockers and JB Hi-Fi: "Some people think that they are safe if they don't visit any dodgy sites and don't need anti-virus. This sort of thing proves otherwise, that even reputable sites can be compromised and end up infecting your PC."

- © Fairfax NZ News