On Saturday, we posted information revealing that the hacking of the ZSE website that happened last week was at the application level. We have since received more details of the hacking incident itself and it appears the ZSE website was used by the hackers to host viruses and a phishing website.
The ZSE website was apparently not only attacked once, but twice.
The first time, a virus file on the address ‘http://www.zse.co.zw/…/sexy/video_safadeza.com’ was discovered on 25 July 2011. Apparently, the virus was flushed out by the hosting company. The second infection was detected on 3 August and this time, using the administrator privileges, the attacker had planted a phishing site on the ZSE website. The phishing site was meant to fool unsuspecting customers into believing they were on a Brazilian bank website, the Santander Bank, and the planted website’s address was ‘http://www.zse.co.zw/www.santander1.com.br/’. The real Brazilian Santander Bank website address is www.santander.com.br
The ZSE website was taken down after the second compromise and still down.
So far, it appears the attackers were not particularly interested in the ZSE website itself or any information it has, but just found it vulnerable enough to be used to host viruses and phishing sites. We imagine there are hundreds other local websites out there that are similarly unsecured and possibly compromised as well. The ZSE is just a high profile organization hence this being news.
There have been worse website hacking incidents in Zimbabwe, the notable one being that of a website belonging to Zimbabwe’s largest telecoms firm, Econet Wireless Zimbabwe. In December 2010, Econet’s broadband website was defaced by an individual apparently unhappy with the quality of services offered by the company.