Trend Micro CTO puts record straight

A recent hacking attack that affected Trend Micro’s website did not endanger internet surfers and was handled correctly, the company’s CTO claimed today.

On March 12 the company’s website was affected by a wide-ranging web attack, as reported by Infoworld.com . Thought by Google to have hit some 20 million websites, this Javascript attack attempted to redirect users to a website that would load malicious code onto their PCs, and could in turn have led to hackers gaining user information.

However according to Trend Micro’s chief technology officer, Raymond Genes – speaking to itp.net today – users of Trend Micro’s website were kept safe by its anti-Javascript coding approach.

“On the 12th of March, we discovered that around 25 web pages had been infiltrated; these pages were English and Japanese pages concerned with malware, including our Virus Enclopedia. When this infiltration was discovered, by our own monitoring tools, we shut down the site for approximately nine hours in order to run a forensic analysis and do a permanent fix,” Genes said.

Users were never at risk from the threat however, Genes claimed: “The Javascript malware works by attempting to start a page redirect to another site; a malware site based in China that then inserts malicious code onto the user’s computer. However because of our site’s proper HTML encoding – our site doesn’t allow Javascript unless absolutely necessary – this attempt didn’t work. All that was displayed on our pages was HTML text, and only if the user had copied this text manually and gone to that URL would have been a problem.”“No site is completely immune from compromise,” Genes concluded.