Indian Embassy in Spain Hacked to Deliver Malware
In the latest incident of an embassy website being hacked, the website of the Indian Embassy in Spain, www.embajadaindia.com, was compromised to deliver malware.
The compromise was discovered by Ismael Valenzuela, a security researcher serving as Global ICT Security Manager at iSOFT, a provider of healthcare software, and Dancho Danchev, a security consultant working independently.
According to the reports, on loading the embassy's website, the antivirus software on the desktop showed a pop-up warning. The warning description was self-explanatory and suggested that the site had been hacked. It further disclosed that some hidden iFrame tags had been attached to a file named index.php that uploads several malware strains.
An interesting aspect the security researchers pointed out was that the attackers registered the three malicious iFrames at a single IP to centralize their campaign. However, no effort was made to diversify the hosting locations; consequently, two of them were suspended, and only one was actively running.
Moreover, Trend Micro's assessment of the attack suggested that it involved code injection that was either an advertising scam or a massive malware attack in its early stage.
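A site owner can check their own pages for the hidden-iFrame pattern described above. The following is an added example, not code from the researchers or the original article: it flags off-site iFrames that are hidden from the visitor and groups them by host, so several frames pointing at one address stand out. The sample page, host names and addresses are constructed, and the hiding heuristics (0 or 1 pixel size, `display:none`, `visibility:hidden`) are assumptions.

```python
import re
from collections import defaultdict
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline styles that hide a frame (assumed heuristics, not from the article).
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|"
    r"(?<![\w-])(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)", re.I)

class IframeAudit(HTMLParser):
    """Collect iframes that are both off-site and hidden from the visitor."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []  # (host, src, reason)

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        if not host or host == self.site_host:
            return  # relative or same-site frame
        tiny = {a.get("width", "").strip(), a.get("height", "").strip()} & {"0", "1"}
        if tiny:
            self.findings.append((host, a["src"], "0/1 pixel size attribute"))
        elif HIDDEN_STYLE.search(a.get("style", "")):
            self.findings.append((host, a["src"], "hiding inline style"))

def audit(html, site_host):
    """Return {external_host: [(src, reason), ...]} for hidden off-site iframes."""
    parser = IframeAudit(site_host)
    parser.feed(html)
    by_host = defaultdict(list)
    for host, src, reason in parser.findings:
        by_host[host].append((src, reason))
    return dict(by_host)

# Constructed sample page; 192.0.2.10 is a documentation-only address.
SAMPLE = """<html><body><h1>Embassy</h1>
<iframe src="/map.php" width="400" height="300"></iframe>
<iframe src="http://192.0.2.10/a/in.php" width="0" height="0"></iframe>
<iframe src="http://192.0.2.10/b/in.php" style="display:none"></iframe>
<iframe src="http://192.0.2.10/c/in.php" width="1" height="1"></iframe>
<iframe src="https://video.example/e/1" width="560" style="border-width:0;"></iframe>
</body></html>"""

if __name__ == "__main__":
    for host, frames in audit(SAMPLE, "www.embassy.example").items():
        print(host, len(frames), frames)
```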
The malicious code injected into the site adds pages that appear as blog entries under the hacked site's domain and connect to illegitimate pharmaceutical websites. The objective of the latest hack could be to elevate the ranking of the illegitimate websites on search engines, or a ruse to use the domains of compromised legitimate websites to elude spam filters.
As the websites included in the attack are already hacked, a simple tag modification could convert the apparently "non-malicious" code injection into an expanded malware attack.
The researchers further said that although the attack vector is still not known, it is possible that the attack occurred due to weak file and directory permissions, or due to the site's PHP scripts.
According to them, the attack is a rare one but not unprecedented, as embassy websites that have previously been attacked include the Netherlands Embassy in Russia, the Ukraine Embassy in Lithuania and the US Consulate in St. Petersburg.
» SPAMfighter News - 14-02-2009