Indian embassy website hack part of wider assault
Ad ranking scam or massive malware attack?
Regcast training : Hyper-V 3.0, VM high availability and disaster recovery
The compromise of legitimate websites with hostile code ultimately designed to serve up malware onto the PCs continues apace, with the latest victims including the Indian embassy in Spain.
Security researchers Ismael Valenzuela (here) and later Dancho Danchev (here) discovered that the the Indian Embassy in Spain was serving malware through an injected malicious iFrame.
The assault represents a rare but not unprecedented assault on diplomatic immunity by hackers. Previous victims of embassy malware attacks in the past include the US Consulate in St Petersburg, The Netherlands Embassy in Russia and the Ukraine Embassy Web site in Lithuania.
Analysis of the Indian Embassy assault by Trend Micro revealed that the attack was part of a wider code injection push that's either an "advertisement scam or a massive malware attack in its early stages".
The code inserted into the compromised websites injects pages that look like blog entries into the compromised sites' domain, linking to illicit pharmaceutical websites. The purpose of the attack could be either to raise the search engine ranking of malvertised websites or a plot to use the legitimate domains of the compromised websites in order to evade spam filters.
Since the websites involved are already compromised, simply modifying tags would turn the seemingly "non-malicious" injection of code into a full-blown malware attack, Trend Micro warns.
In other separate examples of code injection attacks, the Times of India website was infected by malicious code identified by Sophos as Badsrc-C. The Russian Pravda website has also become infected with malicious scripts, Sophos reports, but fortunately this is not pointing at a website currently serving up further malware.
Circumstantial evidence suggest the three attacks are only related via the use of similar techniques.
"The three attacks are directing people to different malign sites using techniques such as SQL injection, to plant code of legitimate sites left open to attack," explained Graham Cluley, senior technology consultant at Sophos. ®
COMMENTS
One comment only...
And that's nothing to do with the subject, only the way it was presented.
Right... So that's one website nobody gives a damn about, it seems.
Yes, I know that I shouldn't start a sentence with "and".
A Pedant Writes
"...the Indian Embassy in Spain was serving malware ..."
I'm surprised that the Indian Embassy in Spain went to the trouble of installing web-servers on their premises when Spain is a modern EU country with, I assume, many web-hosting providers.
Or, did you mean 'the website of the Indian Embassy in Spain...' ?
"The assault represents ...."
It's not an assault, it's malicious interference with equipment/documents.
"..assault on diplomatic immunity by hackers."
Diplomatic immunity is a privilege granted to diplomats so that they can't be prosecuted for any crimes they might 'accidentally' commit. Also, they don't get searched going through customs. The hackers did nothing to degrade these privileges.
I know my comments are pedantic but if I want a Daily Mail level of presentation and analysis, there are lots of places I can go.
It's difficult enough nowadays for people to gain a proper understanding of technical issues, especially with the hype and drivel written about IT/internet related matters, but I had hoped for better presentation from The Register.
More in sorrow than anger ....blah....blah..
IT infrastructure monitoring strategies
Agentless Backup is Not a Myth
Top 10 SIEM implementer’s checklist
Steps to Take Before Choosing a Business Continuity Partner
Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider
