A second Indian government Web site – operated by the Institute of Remote Sensing – has been compromised for malware purposes, says Finjan Inc., one of the big names in secure web gateway products and a provider of unified web security solutions for the enterprise market. News that the site has been hacked by cybercriminals came after Finjan reported that the Government of India portal was hacked back in May of this year.

“This latest hack is interesting on two fronts. First the attack has happened despite the Indian government stepping up security on its hosting servers. And secondly, the cybercriminals have added a script into the site that adds an iFrame attack to the page,” said Yuval Ben- Itzhak, Finjan’s chief technology officer.

“The page then re-routes to a LuckySploit-infected server in Texas that fires off multiple attacks across the Internet. Early reports suggest that the site hack and re-route has infected several thousand Internet users,” he added.

According to Ben-Itzhak, the LuckySploit toolkit uses a variety of methods to infect users and is notable for using a complex encryption system to hide what it is doing. The bad news about this exploit is that the infected pages are only detected by 4 out of 41 anti-virus engines on the Virustotal.com code checking portal.
Finjan’s malicious code research team has notified the Indian CERT (Computer Emergency Response Team) operation about the problem.

“More than anything, this infection teaches us that any site can be compromised and serve malicious code without the site owner knowledge. This is why Web protection utilizing real-time content inspection is needed for businesses to prevent such attacks and keep their valuable data away from hackers,” added Ben-Itzhak
“Individual users should also consider installing a URL-checking browser plugin such as Finjan’s free-to-use SecureBrowsing tool,” he said.

Share on Facebook

The outbreak of swine flu has provided hackers a new opportunity to attack your computers.

With the virus fast-spreading and people wanting more information on the pandemic flu and safety, the hackers are capitalising on their fear to spread malicious content.

“The attacks arrive through an unsolicited email message typically containing a subject line related to the swine flu. These email messages may contain a link or an attachment,” said an advisory by the Computer Emergency Response Team (CERT), the cyber security agency operating under the ministry of communications and IT.

“If users click on this link or open the attachment, they may be directed to a phishing website or infected with malicious code,” the CERT added.

The mails in fact look quite interesting with subject lines like ‘Swine influenza: frequently asked questions.pdf’, inviting users to click to know more about the subject.

“This is as an email with attachment and being used to drop malware on computers. It takes advantage of a vulnerability in Adobe ( a software) to drop a malicious ‘infostealer’ Trojan on the user’s computer,” said CERT.

“This is then used to steal personal information, such as credit card number and online bank credentials.”

Among some of the eye-catching subject lines that will tempt a user to click on the link include: ‘Madonna caught swine flu!’, ‘Swine flu worldwide!’ and ‘Swine flu in Hollywood!’

The CERT added that instances of such malicious attacks might increase with a number of new websites being registered with the term “swine flu” included in them.

“Right now they are not used for anything, but it is anticipated that at some point, these sites may be used for spamming purposes, perhaps advertisements or even greater malicious use,” it added.

Share on Facebook