Mass Web defacement
16th August 2004 (Computimes)
By SHARIFAH KASIM

THE Malaysian Computer Emergency Response Team (MyCert) is advising systems administrators to be on alert, as mass Web defacement incidents appear to be on the rise.

Its manager Solahuddin Shamsuddin said many local Web sites had been affected by such activities, which resulted in the emergence of strange messages and cyber graffiti. Those possibly affected include the .gov.my, .net.my, .edu.my and .org.my domains, running on Windows 2003, Windows 2000 and Linux servers.

He said such incidents could be caused by hacker activities leading up to a global conference scheduled to take place in the United States in February.

Last January a similar incident occurred, which was attributed to activities by Brazilian hacker groups, affecting over 100 local sites. In the latest occurrences, the mass Web defacement activities are carried out by three hacker groups, namely Command Tribulation, Z1gfr-0id3 and 7 Crews.

Even though the act of Web defacement is typically not financially driven, it could mean loss of business for site owners involved in electronic transactions, Solahuddin said. "For mainly information-based sites, the impact might not be great, but for sites that handle e-commerce, the impact is much greater," he told Computimes last Friday.

As the number of affected local Web sites could escalate, MyCert has been sending alerts to systems administrators and owners of Web sites as well as posting updates on the incidents on its site.

MyCert's advice to administrators and site owners is to assess their systems' vulnerabilities through actions such as scanning server systems for possible backdoors and monitoring system logs for any sign of irregularity.

"Upgrade and patch your software, services and applications, and disable default services supplied by vendors that are not necessary or needed," Solahuddin said, adding that MyCert could offer further advice and assistance.

As at Press time, 37 Web sites under the .my domain were affected, including five sites under .gov.my, 20 sites under .com.my and 10 sites under .edu.my.

Of the affected sites, 10 were rectified to reflect the original contents, 21 sites were being rectified, and six sites were still online with defaced pages.

Web defacement is carried out by hackers who manage to gain access and change the contents of a Web site. The messages these hackers leave behind vary from merely placing their alias or logo to replacing the original contents with whatever content they wish, similar to how traditional graffiti is written.

While Web defacement is largely done by hackers seeking recognition, it could have financially adverse repercussions.