Feeds

Indian embassy website hack part of wider assault

Ad ranking scam or massive malware attack?

Internet Security Threat Report 2014

The compromise of legitimate websites with hostile code ultimately designed to serve up malware onto the PCs continues apace, with the latest victims including the Indian embassy in Spain.

Security researchers Ismael Valenzuela (here) and later Dancho Danchev (here) discovered that the the Indian Embassy in Spain was serving malware through an injected malicious iFrame.

The assault represents a rare but not unprecedented assault on diplomatic immunity by hackers. Previous victims of embassy malware attacks in the past include the US Consulate in St Petersburg, The Netherlands Embassy in Russia and the Ukraine Embassy Web site in Lithuania.

Analysis of the Indian Embassy assault by Trend Micro revealed that the attack was part of a wider code injection push that's either an "advertisement scam or a massive malware attack in its early stages".

The code inserted into the compromised websites injects pages that look like blog entries into the compromised sites' domain, linking to illicit pharmaceutical websites. The purpose of the attack could be either to raise the search engine ranking of malvertised websites or a plot to use the legitimate domains of the compromised websites in order to evade spam filters.

Since the websites involved are already compromised, simply modifying tags would turn the seemingly "non-malicious" injection of code into a full-blown malware attack, Trend Micro warns.

In other separate examples of code injection attacks, the Times of India website was infected by malicious code identified by Sophos as Badsrc-C. The Russian Pravda website has also become infected with malicious scripts, Sophos reports, but fortunately this is not pointing at a website currently serving up further malware.

Circumstantial evidence suggest the three attacks are only related via the use of similar techniques.

"The three attacks are directing people to different malign sites using techniques such as SQL injection, to plant code of legitimate sites left open to attack," explained Graham Cluley, senior technology consultant at Sophos. ®

Internet Security Threat Report 2014

More from The Register

next story
George Clooney, WikiLeaks' lawyer wife hand out burner phones to wedding guests
Day 4: 'News'-papers STILL rammed with Clooney nuptials
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
PEAK IPV4? Global IPv6 traffic is growing, DDoS dying, says Akamai
First time the cache network has seen drop in use of 32-bit-wide IP addresses
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.