Feeds

Indian embassy website hack part of wider assault

Ad ranking scam or massive malware attack?

Providing a secure and efficient Helpdesk

The compromise of legitimate websites with hostile code ultimately designed to serve up malware onto the PCs continues apace, with the latest victims including the Indian embassy in Spain.

Security researchers Ismael Valenzuela (here) and later Dancho Danchev (here) discovered that the the Indian Embassy in Spain was serving malware through an injected malicious iFrame.

The assault represents a rare but not unprecedented assault on diplomatic immunity by hackers. Previous victims of embassy malware attacks in the past include the US Consulate in St Petersburg, The Netherlands Embassy in Russia and the Ukraine Embassy Web site in Lithuania.

Analysis of the Indian Embassy assault by Trend Micro revealed that the attack was part of a wider code injection push that's either an "advertisement scam or a massive malware attack in its early stages".

The code inserted into the compromised websites injects pages that look like blog entries into the compromised sites' domain, linking to illicit pharmaceutical websites. The purpose of the attack could be either to raise the search engine ranking of malvertised websites or a plot to use the legitimate domains of the compromised websites in order to evade spam filters.

Since the websites involved are already compromised, simply modifying tags would turn the seemingly "non-malicious" injection of code into a full-blown malware attack, Trend Micro warns.

In other separate examples of code injection attacks, the Times of India website was infected by malicious code identified by Sophos as Badsrc-C. The Russian Pravda website has also become infected with malicious scripts, Sophos reports, but fortunately this is not pointing at a website currently serving up further malware.

Circumstantial evidence suggest the three attacks are only related via the use of similar techniques.

"The three attacks are directing people to different malign sites using techniques such as SQL injection, to plant code of legitimate sites left open to attack," explained Graham Cluley, senior technology consultant at Sophos. ®

New hybrid storage solutions

More from The Register

next story
Google recommends pronounceable passwords
Super Chrome goes into battle with Mr Mxyzptlk
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Reddit wipes clean leaked celeb nudie pics, tells users to zip it
Now we've had all THAT TRAFFIC, we 'deplore' this theft
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
TorrentLocker unpicked: Crypto coding shocker defeats extortionists
Lousy XOR opens door into which victims can shove a foot
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.