• Subscribe to the low volume list for updates.

UN and other high profile web sites compromised

More attacks on high profile web sites. It is clear from this article that the attackers found the victim sites by scanning servers and pouncing on the found vulnerabilities. The compromised servers were then used to serve up malicious code to build a botnet.

It is highly likely regular vulnerability analysis would have saved these web sites.

The attack on the UN Asia Pacific website is believed to originate from the same group responsible for attacks on the US-based Biotechnology Information Organization and the prominent Indian Syndicate Bank.

The financially-motivated incursions, launched from the same remote location, infected a server common to all three websites and downloaded a Trojan to visitor computers via drive-by attacks.

A keylogger and a Trojan were downloaded to visitor computers, flagged by an online scanner as positive to multiple Microsoft vulnerabilities, via hidden Java iFrames which is an old trick to refer visitors to a compromised server.

The Trojan maintains a backdoor, allowing attackers to monitor and hijack user machines to steal valuable user data, and turn the computer into a zombie as part of a botnet horde.

Websense Australia and New Zealand country manager, Joel Camissar, said such attacks exploit remote servers with weak security and typically target common brand names to maximise exposure.

"The groups will target ISPs which don't have sufficient security, common brands of servers, and servers in locations without tight controls or law enforcement."
"Typical scanners [used in attacks] only scan for one vulnerability but this looked for multiple exploits.

Computer World Uk - Artcile .