Consumer warning over internet attacks

Consumer warning over internet attacks

Consumer NZ is warning other website operators to be vigilant – particularly those using SQL databases – after its website was attacked at the weekend.

Late on Saturday night the site was subject to a SQL injection attack in the form of an automated worm that exposed visitors to the site to a Trojan virus. The attack was discovered by a staff member at 4pm on Sunday when they came into the office and accessed the website. The site was shut down within the hour and has been offline ever since.

“Consumer NZ apologises for the problem and is doing everything it can to rectify it,” said Deputy Chief Executive David Naulls. “We have a team of IT consultants and independent IT security consultants working on analysing the attack and restoring the site”.

“I would like to emphasise that computer users who visited the site during the period it was attacked are unlikely to be at risk if their operating system updates and anti-virus and anti-spyware are up to date,” he said.

As soon as it was aware that something was wrong with the site Consumer NZ contacted its internet security advisers. Throughout Monday, Monday night and today IT security professionals undertook an extensive audit of the website. The attack is similar to those that have brought down other websites recently – including Sony Playstation and the Queensland Government tender site.

David Naulls said “We have just received a full report on how the attack was carried out and what we need to do to fix the problem. There are a small number of issues that need to be worked on. We hope to be up and running by next week but won’t push the button until we are certain that the problem and the system has been modified to make sure it w`n™t happen again.

Consumer NZ is now notifying all its members who logged in over the weekend about the nature of the attack and what people can do to protect their computer. It is also emailing all its website subscribers with this information and is posting a notice at consumer.org.nz. It has also informed the Police e-crime laboratory.

Members can also get further information on 0800 266 786 between 8.30 and 5.00 pm.

---What Consumer advises---

If you did not visit consumer.org.nz during the weekend of the 5 to 6th of July, you will not be at any risk.

If you did visit the site during this time, and you aren’t sure if you have up-to-date operating system security patches and both anti-virus and anti-spyware software, then you should:

Immediately check and carry out any updates required for your operating system and anti-virus software.

Then run a full system scan using the updated anti-virus software. This should identify and remove any possible infections.

If you visited the site during this time, and you have up-to-date security patches and anti-virus software, you should not be at any risk. However, we would still advise you to carry out the steps outlined above as a safety precaution.

If you need any further information or help, please feel free to contact us on 0800 266 786. Or refer to our online resource relating to this at consumer.org.nz.

The May issue of Consumer (number 480) contains test results on most popular computer security suites and a PDF of this article is available for free at consumer.org.nz.

ends