The popular Six Sigma information site isixsigma.com became the victim of hacker attacks late this week. The Google safe browsing advisory contained the following information regarding the attack.
What is the current listing status for isixsigma.com?
Site is listed as suspicious – visiting this web site may harm your computer.
Part of this site was listed for suspicious activity 12 time(s) over the past 90 days.
What happened when Google visited this site?
Of the 251 pages we tested on the site over the past 90 days, 176 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-05-30, and the last time suspicious content was found on this site was on 2009-05-30.
Malicious software includes 234 scripting exploit(s), 198 exploit(s), 179 trojan(s). Successful infection resulted in an average of 5 new process(es) on the target machine.
Malicious software is hosted on 4 domain(s), including ti86.cn/, on65.cn/, 6eo7.cn/.
2 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including ti86.cn/, 6eo7.cn/.
This site was hosted on 3 network(s) including AS16429 (MAXIMUMASP), AS15169 (GOOGLE), AS14992 (CRYSTALTECH).
Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, isixsigma.com appeared to function as an intermediary for the infection of 5 site(s) including sixsigmacompanies.com/, 18.104.22.168/, isixsigma.net/.
Has this site hosted malware?
Yes, this site has hosted malicious software over the past 90 days. It infected 8 domain(s), including sixsigmacompanies.com/, 22.214.171.124/, issurl.com/.
How did this happen?
In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.
Michael Cyger, Founder and former owner of the site, reported to this author yesterday that isixsigma.com was aware of the problems and was working to correct them as soon as possible. He gave no estimate of when the problems might be corrected.
Update May 30, 2009
UPDATE-I received this response from CTQ Media (Owners of isixsigma.com) to my LinkedIn posting on this story
All virus protection is current, but we are experiencing some technical difficulties that for some (this is only affecting a small portion of our readership) results in these warning messages (which have inconveniently been spidered by the search engines resulting in the search engine notices).
Our team is working around the clock to fix this as quickly as possible. We apologize to everyone for the inconvenience and appreciate your patience. A complete fix is expected at any time.
Update June 24, 2009
A Message from CTQ Media
June 24th, 2009
You are seeing this message because CTQ Media’s websites (iSixSigma.com, RealInnovation.com,
BPMEnterprise.com, Sourcingmag.com and Advanced Survey) have been shut down for repairs. We did that
as the final step in overcoming a particularly malicious hack a few weeks ago that was sophisticated enough
to breach the firewall of our server provider.
We are in the process of moving our sites to another server and instituting other significant infrastructure
changes to protect our sites from further interference. Our e-media team and the additional expert help we
hired calculate it will take several days to complete this move. We are taking the extra time and effort to
ensure that the sites are safe and reliable. We will be back online as quickly as possible once our systems
are clean, functional and fully tested.
I must apologize for problems this occurrence has created for you. We know that the loyal users of our sites
have been inconvenienced by this problem, and we are doing everything in our power to resolve the issue.
As soon as we are back online, we will reach out to users through every means at our disposal. In the
meantime, please return to this site soon where we intend to have you find us up and running.
Vice President and Publisher
CTQ Media and iSixSigma
Update: August 7, 2009
I received the email below from Jessica Harper, Editor of isixsigma
Thank you for writing. As a Firefox user, I have been seeing those messages
as well for the last couple of days. There was a suspicious script that has
been discovered and removed. The warnings continued, however, until Google re-indexed the site. I am able to access iSixSigma.com this morning without the warning screens. Please let me know if you are seeing the same thing or something different, as I want to pass that information on. Also, please know that the team is continuing to carefully watch for any suspicious
I am pleased to report that I am now able to access http://www.isixsigma.com/ without any more scary messages. Since this is one of my favorite sites, I’m pleased that the incident is finally behind them. Visit the site and join the rest of the Lean Six Sigma community in welcoming them back!