Security firm Tier-3 has warned companies to review IT security arrangements following a potentially serious spam incident that affected the email servers of furniture giant Ikea.
Tier-3 said that Ikea had recently closed a serious security hole that gave hackers and phishers full access to its email servers, allowing them to send bulk email from the furniture giant's systems.
Geoff Sweeney, chief technology officer at Tier-3, said that the most troubling aspect is that the flaw allowed hackers to use Ikea as a launch pad to send specially targeted emails containing zero-day Trojans or root-kits.
The emails could pass through almost all email and anti-spam filters as they come from a perfectly genuine Ikea domain.
Sweeney warned that the sinister aspect of this type of attack is that it is targeted at specific people in an organisation.
When emails appear from a trusted source, and can evade the latest antivirus signatures, there is a chance that an organisation's entire security defence will be beaten.
"Ikea's problems were caused because the contact template on the firm's home page was inadequately secured, allowing hackers to insert alternative email addresses in a contact form," said Sweeney.
"This basically allowed anyone with a little technical knowledge to generate millions of phishing and/or spam messages from Ikea's mail servers using a simple script."
The potential damage to the company's reputation, and the possibility of email blacklisting, could be significant, according to the security expert.
"This is a classic case of where, with a little forward planning and investment in IT security technology, Ikea could have avoided denting its reputation," he said.
"It is hard to believe that Ikea reportedly did not close this security hole immediately but left it open for a further five days after being warned about it."
Attack volumes set to rocket in the next few weeks 09 Jan 2008
Cyber-criminals changing malware signatures every few hours 15 May 2008
Three out of four financial institutions at risk, claims report 25 Jul 2008
Report claiming solar panels take over 100 years to recoup their value is just plain wrong, say manufacturers 05 Sep 2008
New hybrid hatchback designed to make dual-drive vehicles more affordable 05 Sep 2008
Republican attempts to highlight differences over energy policy as both candidates pledge to deliver US energy independence 05 Sep 2008
More news
Once your company has gathered up all the low-hanging fruit, what comes next? Sarah Fister Gale finds that the answer lies in everything from multi-million dollar energy efficiency programmes to printers powered by exercise bikes 03 Sep 2008
Slow journey times mean airships are highly unlikely to replace passenger jets, but, as Danny Bradbury discovers, a flotilla of new companies are convinced that low-fuel costs mean the old-fashioned aircraft could have huge appeal to freight operators 02 Sep 2008
Recent claims from the oil giant's chief executive suggesting tar sand extraction is required to slow the shift to coal may have caught the eye, but as BusinessGreen.com discovers they do not make much sense 28 Aug 2008 More in-depth
Post your comment
Send an email to the Business Green editor at feedback@businessgreen.com
