Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Circuit City Fixes Forum Flaw That Infected IE Users

Circuit City Stores Inc. on Thursday patched a customer support message forum Web site that had been silently installing a backdoor Trojan on visitors' PCs for more than two weeks.

Sometime on or about May 17, hackers broke into a home theater message board on Circuit City's online site, said Bill Cimino, a spokesman for the Richmond, Va.-based electronics retailer. "We're trying to backtrack to when the break-in actually occurred," Cimino said Friday.

From then until Thursday, June 1, visitors to the forum who were running unpatched versions of Microsoft's Internet Explorer were directed to a Russian-based Web site that tried to install a Trojan horse which would give attackers full access to the compromised PC.

Cimino said that Circuit City is still trying to determine how many people may have been at risk. "We're sure that the number is fairly low, but I'm still working on getting a total. Right now all I have is the number of registered users."

Of the message board's 1,260 registered users, Cimino said that about 200 visited the forum during the two-week span of the attack. Visitors don't have to register to access the forum, however, or to read its messages, so the total number of IE users who cruised the board may be considerably higher than 200.

  • 1