Alpha Media’s NewsDay website down. Malware compromise

Staff Writer

We received a tip this morning that the NewsDay website, www.newsday.co.zw, is down. Web browsers currently report that malware (malicious software) has been detected on the site and that visitors are at risk of malware infection if they open the website.

Here’s a screenshot of part of a warning Google Chrome is giving:

Opening past the warning produces the database error below:

According to a Google diagnostic page, the malware on the NewsDay website was detected yesterday on 3 of 52 pages that the Google crawler tested. It’s not clear yet just how the malware was injected into the website.

NewsDay is the online version of a Zimbabwean daily newspaper by the same name, which is owned by Alpha Media Holdings. The paper is one of the most popular daily newspapers locally.

Alerted to the NewsDay’s compromise, publisher and owner of the paper, Trevor Ncube, has responded on Twitter that he’s following up on the issue. Ncube also publishes South Africa’s Mail & Guardian weekly newspaper, The Zimbabwe Independent and The Sunday Standard.

Incidents of compromise of Zim websites by hackers have been on the increase lately. Just two months ago, the Zimbabwe Stock Exchange website was hacked and used to spread malware. It was eventually shut down by the hosts, Webdev, and remains down to this day. The NewsDay website is also hosted by Webdev.

We’re reaching out to both Alpha Media Holdings and Webdev for more details.

UPDATE (03 Oct 2011): Alpha Media Holdings has updated its website. We’ve been hacked, the message says.

Dear Newsday readers, Newsday is currently under maintenance due to a hacking attack on our site. We will restore the site as soon as possible.

 

24 comments

  1. Tendy Fish

    I like the direction the cyberworld is taking in Zimbabwe… it shows progress in the technology sector!!!!

    1. Masimba

      celebrating this?

  2. Wburwa

    remember also dailynews has been down….I smell fish here….(Iran, China??)

  3. JamesM

    Sounds like SQL injection to me, spectacularly revealing a program’s SQL statements as the Firefox screenshot shows. A case of sloppy programming I often see on WordPress, Joomla, Drupal, etc. sites. While these tools are excellent and I use them quite often, anyone who uses them still needs to have a programmer in-house or consult one. Any customization programmers (good and experienced programmers i.e.) do atop these tools still needs to be done with basic security in mind. But then again it could also be a case of wholesale sloppy and inexperienced programming.

    1. ngth

      More likely sloppy deployment and maintenance. First, the site should be configured to give a generic error page, not reveal details of the error to everyone who accesses it. Secondly, if you are using a framework you need to keep it patched. There is no evidence that it was their sloppy programming that resulted in this, but more likely a flaw in the underlying framework that should have been corrected by the framework authors and a patch installed. Most developers fire and forget about a site, never patching it, because most customers do not want to pay for ongoing maintenance.

    2. Takunda Sam

      I don’t think so, I doubt if anyone “in-house” wrote a line of code besides basic customizations. I suppose it’s ignorance, it takes a minute a day to check for any newly discovered vulnerabilities. Almost all major WordPress sites have been hacked in the past two months mainly because of the recent spam of zero-day vulnerabilities & it takes a single download to update.

  4. ngth

    I think the site was developed in house using CodeIgniter (PHP), but I could be wrong. Using such a framework not only makes your developer’s life easier but also any hacker’s job much simpler as there are known exploits. Once again it comes down to companies and developers committing ongoing resources to patching and upgrading. It was a very nice site, one of the better news websites (not talking about content, merely the site itself), but it obviously was not being maintained at a technological level.

    I feel for the hosting companies like Webdev, they had nothing to do with the development of this site or the ZSE site, yet their names get associated with the hack. My only hope is that their servers are set up properly so that one site being exploited does not compromise the entire server (in a shared hosting scenario).

  5. KuraiMGT

    Why is it taking so long………………

  6. tinm@n

    goes to show that many could easily lack in the level of preparedness on how to handle all the risks associated with being connected to the rest of the world. Soon broadband will make its way to the average business/consumer, and there will be a host of issues that we’ll have to deal with.

  7. David

    Why are we blaming the developers only? It’s also the web hosting company’s duty to protect the website.

    1. ngth

      It is not the web host’s job to secure your code. The information we have is that it was a hack using a known exploit in CodeIgniter. The hosting company is only responsible for securing access to the server and making your site available to the world. If your site is compromised then it is your fault, not the host’s. If however someone roots their server (maybe through someone else’s site) and then compromises your site, then yes it is the hosting company’s problem, but there is no evidence this happened.

      1. tinm@n

        How can you be so sure it’s CodeIgniter?

        you also say “there is no evidence this happened”. Do you have access to their logs?

      2. David

        the site is a standard joomla template you can purchase, don’t know where you found out that it was made with CodeIgniter. Can you tell what’s the webhost’s job besides hosting your site?

        1. ngth

          (and replying to tinman) I thought there were some reviews a while ago about the various newspaper sites and most being in joomla but newsday was the exception with their own CodeIgniter-written site, I could be wrong and can’t find the page now. Either way they are using some kind of open source base, which probably was out of date.

          The only evidence we have is that this one site was hacked, none of the other webdev hosted sites seem to be compromised, including their other newspaper sites (herald, independent etc).  So I am presuming it is a flaw in the newsday site that allowed this not a flaw in the webdev hosting.

          The webhost is only responsible for getting your code online, they are not responsible for ensuring your code is secure or up to scratch. You are effectively just leasing some processing power and bandwidth, nothing more. If they wrote the site then that is a different matter altogether.

          1. David

            but have we not had 3 webdev sites come down already?

            1. Email

              maybe it’s because they are just important websites?? is there really a point in hacking websites that nobody visits or knows about??

              you need to remember that security applies to the network, to the server and to the website at different levels. it does not mean that because your webserver or network is secure, that everything else (including your website or web applications) are secure as well, or vice versa.

              clearly you have no idea of what you are talking about. before you school the techzim community with your expertise, please learn how to tell the difference between joomla and any other php based website. bravo!

            2. Garth @ webdev

              2 sites of the recent hacked sites are hosted by webdev. both hacks are code related, not server related. neither of the sites were developed by webdev.

          2. tinm@n

            All I’d like to point out is that you can’t say with certainty that it is the webhost OR the CMS/Framework that provided an avenue to attack the site. Unless we had the full details, any one of them could be responsible.

  8. Anonymous

    I have seen a laptop from one executive turned into a toy to play all sorts of pirated games by his kids as soon as he gets home. I asked if I can have a look at the laptop and sure enough it has one user account with an administrator account level. It also didn’t have any AV on it and contained all the critical information for the corporate he works for.

    As much as it looks technical, it might not be that. It might be a laptop or PC from the editor who allows his/her kids to do whatever they want with his/her computer. It’s common knowledge that viruses are embedded in pirated games and movies.

  9. David

    thank you garth now i have your attention could you shed some light on the ZSE website hack

    1. Garth @ webdev

      From what I remember the ZSE hack was through a joomla component.

  10. Guest

    I don’t think many local corporates take security seriously, they are all surviving by the grace of God! Move around these orgs, you will be shocked by the level of complacency!
