Consumer warning over internet attacks
Consumer NZ is warning other website operators to be vigilant – particularly those using SQL databases – after its
website was attacked at the weekend.
Late on Saturday night the site was subject to a SQL injection attack in the form of an automated worm that exposed
visitors to the site to a Trojan virus. The attack was discovered by a staff member at 4pm on Sunday when they came into
the office and accessed the website. The site was shut down within the hour and has been offline ever since.
“Consumer NZ apologises for the problem and is doing everything it can to rectify it,” said Deputy Chief Executive David
Naulls. “We have a team of IT consultants and independent IT security consultants working on analysing the attack and
restoring the site”.
“I would like to emphasise that computer users who visited the site during the period it was attacked are unlikely to be
at risk if their operating system updates and anti-virus and anti-spyware are up to date,” he said.
As soon as it was aware that something was wrong with the site Consumer NZ contacted its internet security advisers.
Throughout Monday, Monday night and today IT security professionals undertook an extensive audit of the website. The
attack is similar to those that have brought down other websites recently – including Sony Playstation and the
Queensland Government tender site.
David Naulls said “We have just received a full report on how the attack was carried out and what we need to do to fix
the problem. There are a small number of issues that need to be worked on. We hope to be up and running by next week but
won’t push the button until we are certain that the problem and the system has been modified to make sure it w`nt
happen again.
Consumer NZ is now notifying all its members who logged in over the weekend about the nature of the attack and what
people can do to protect their computer. It is also emailing all its website subscribers with this information and is
posting a notice at consumer.org.nz. It has also informed the Police e-crime laboratory.
Members can also get further information on 0800 266 786 between 8.30 and 5.00 pm.
---What Consumer advises---
If you did not visit consumer.org.nz during the weekend of the 5 to 6th of July, you will not be at any risk.
If you did visit the site during this time, and you aren’t sure if you have up-to-date operating system security patches
and both anti-virus and anti-spyware software, then you should:
Immediately check and carry out any updates required for your operating system and anti-virus software.
Then run a full system scan using the updated anti-virus software. This should identify and remove any possible
infections.
If you visited the site during this time, and you have up-to-date security patches and anti-virus software, you should
not be at any risk. However, we would still advise you to carry out the steps outlined above as a safety precaution.
If you need any further information or help, please feel free to contact us on 0800 266 786. Or refer to our online
resource relating to this at consumer.org.nz.
The May issue of Consumer (number 480) contains test results on most popular computer security suites and a PDF of this
article is available for free at consumer.org.nz.
ends