Major Far Eastern human rights portal cracked to serve up malware - AlienVault

AlienVault's research team have discovered a large human rights Web portal that has been compromised and is serving up malware to site visitors

Ismaning b. Muchen, (PresseBox) - The ASEAN site compromise is notable as the portal is both high profile and may be linked to Google's warnings on state-sponsored attacks, says Jaime Blasco - a researcher with the Security Information and Event Management (SIEM) solutions specialist - who adds the crack appears to centre around a Windows XML Core zero-day vulnerability (http://bit.ly/N2xxU2)

"Whilst this high-profile portal crack and consequent drive-by malware-fest is notable for being a possible hostile act by another government and/or its supporters, the fact that Windows flaw has been exploited so quickly and comprehensively proves the need for vigilance and understanding of zero-day flaws," he said.

"It also, of course, underlines the need to patch your operating system as well as the applications software on a very regular basis, regardless of how large - or small - your computer systems estate is," he added.

The AlienVault researcher went on to say that the CVE-2012-1889-linked vulnerability exploit on the ASEAN human rights portal appears to involve the same group as the site hacks reported by colleagues at Sophos.

Every time a page is displayed to the visitor, the content is modified and additional html code - in this case actual exploit code - is inserted dynamically to the user's Web browser:

The malicious code, he says, checks the operating system version - as well as the Java Run Time Environment code - presented on the visitor's computer, loading a payload delivery Flash file - Geoffrey.swf - if the visitor's system is WinXP or Win7-powered.

The infection is also notable, he adds, because another file - icon.js - loads externally and interrogates the visitor's computer for a wide variety of information - including details of which IT security/AntiVirus software that is running - which is then relayed to an remote Internet server.

Thanks to its research, AlienVault has extracted a variety of this interrogative information, including the following revealing screenshots:

Blasco concludes that the number of state-sponsored incidents involving Southeast Asian Nations have been increasing in recent last months, especially when it comes to private sector (non-governmental) organisations.

"We have described a technique used by attackers to perform reconnaissance that gives them information about potential targets including software and Antivirus versions," he says in his latest security posting.

This information can be used to perform future attacks on the victims. Being able to detect the Antivirus used by the victim within the browser opens new options when exploiting the system. The attacker can drop different payloads based on the detected Antivirus to evade detection," he adds.

For more on the compromised Far Eastern ASEAN portal: http://bit.ly/LFiRdD

For more on AlienVault: http://www.alienvault.com

Press releases you might also be interested in

Weitere Informationen zum Thema "Sicherheit":

Was sich durch die DSGVO bei Online-Werbung ändert

Die Da­ten­schutz-Grund­ver­ord­nung (DSG­VO) ent­hält kei­ne spe­zi­el­len Re­ge­lun­gen für Wer­bung. Das be­deu­tet aber nicht, dass kein Hand­lungs­be­darf be­steht, im Ge­gen­teil. Wer On­li­ne-Wer­bung nutzt, muss ei­ni­ges prü­fen, um sich auf die Da­ten­schutz-Grund­ver­ord­nung vor­zu­be­rei­ten. Ei­ne gro­ße Rol­le spielt da­bei die Fra­ge nach der Ein­wil­li­gung oder ei­ner an­de­ren Rechts­grund­la­ge.

Weiterlesen

Subscribe for news

The subscribtion service of the PresseBox informs you about press information of a certain topic by your choice at a choosen time. Please enter your email address to receive the email with the press releases.

An error occurred!

Thank you! You will receive a confirmation email within a few minutes.


I want to subscribe to the gratis press mail and have read and accepted the conditions.