Ansett Australia frequent flyer club members who accessed a promotional section of the company’s website a week ago were greeted with a message saying “This site has been hacked by Chinese”.
The site vandals left a URL as part of the message, www.worm.com, which appeared when members entered their details to take part in a promotion. Whether it was linked to recent viruses is unclear. The problem sounds similar to the one caused by the recent Code Red worm, which exploits a buffer overflow vulnerability in certain configurations of Microsoft's Windows NT and Windows 2000 operating systems. With that worm, if an affected host's default language is English, Code Red will deface all web pages served by the affected host with the message "HELLO! Welcome to http://www.worm.com! Hacked By Chinese!" In addition to web defacement, the worm causes a degradation in overall system performance as it scans other hosts in a bid to propagate itself, CERT Coordination Center say.
Ansett spokesman Geoff Lynch says an investigation was launched as soon as the message’s presence was recorded and there was no evidence the details of the 10 or so club members who had opted to take part in the promotion were accessed.
“There was no danger to anyone’s PC, systems or hard drive, but we removed the page to retain confidence in our site.”
The page was set up on a contract basis by an outside company and used a different server to Ansett, Lynch says. Nothing of the sort has happened to Ansett’s site before, he says.
“There’s no indication as to who is responsible. A review has been initiated, but the findings haven’t been released yet.”