Malicious code added to open-source Piwik following website compromise

By Dan Goodin, Ars Technica, Nov 27 2012

Hackers inserted malicious code into the open-source Piwik analytics software after compromising the Web server used for downloads.

Piwik boasts more than 1.2 million downloads, and the program’s maintainers are warning those who installed Piwik 1.9.2 during an eight-hour window on Monday that their Web servers may be running malicious code. The backdoor, which was included in versions downloaded from 15:45 UTC to 23:59 UTC, causes servers to send data to, according to people participating in this Piwik user forum. The IP address connecting that domain name to the Internet has reportedly been used by online scammers in the past.

The attackers compromised by exploiting a security vulnerability in an undisclosed plugin for WordPress, another popular open-source program. The Piwik advisory said maintainers aren’t aware of any “exploitable security issues” in the program itself. Piwik is used to deliver detailed analytics that track in real time the traffic hitting a website.

The hack is only the latest to compromise a popular provider of open-source software. In September, malicious code was found in phpMyAdmin after one of the mirror sites for SourceForge, which hosts more than 324,000 open-source projects, was compromised. In June 2011, WordPress required all account holders on to change their passwords following the discovery that hackers contaminated it with malicious software. Three months earlier, maintainers of the PHP programming language spent several days scouring their source code for malicious modifications after discovering the security of one of their servers had been breached.
