Hackers Opt Indian Government Website to Serve Malicious Code

The news released by security firm Finjan on June 29, 2009, in the final week of June 2009, the firm found that government website of Indian Institute of Remote Sensing, "iirs-nrsa.gov.in", has probably been hacked by cyber crooks. The security vendor in fact discovered that the site was being used by hackers as a medium to distribute malicious code.

Finjan, explaining the probable way of hacking and other related information in detail, stated that hackers made use of LuckySploit attack toolkit for compromising the government website. It means that this particular toolkit was possibly involved in infecting the users PCs visiting the hacked site. According to Finjan, LuckySploit uses an array of exploits targeted at the vulnerabilities in the browsers, operating system, or popular software including Adobe Reader, Adobe Flash.

The security firm revealed that the pages on the site have been infected with hidden JavaScript, which inserts a rogue IFrame. The IFrame, in turn, is used to download malicious content from some third-party server and in this way it tries to exploit the visitors logging on to the website.

The researchers said that the IFrame developed by this JavaScript downloads malicious code hosted on a Texas-based server, which is laced with the attack toolkit, reported Softpedia on June 30, 2009.

After gaining access to the server, security experts at Finjan broke into the administration panel of the LuckySploit, wherein they found that this government website had already 500 hits from some 157 distinct users since the time it was hacked. Although the numbers are comparatively less, the rate of successful infection is quite high. This particular gang of hackers has launched total 11,798 successful infections on all websites.

Researchers at Finjan have warned that malicious page was identified by just 4 out of total 40 AV engines at the Virus Total, reported Finjan on June 29, 2009. This clearly shows how much high is the infection rate of the concerned malicious code.

Finjan said that it has brought the matter into the notice of India's Computer Emergency Response Team (CERT) and hoped that the problem will be addressed soon.

The security vendor reported a similar problem in May 2009, where the hackers targeted another Indian government website that belonged to the Union Public Service Commission (UPSC) by using Fiesta attack toolkit.

Related article: Hackers Redirect Windows Live Search to Malicious Sites

» SPAMfighter News - 7/9/2009