Website of Deep-Water Driller Compromised
According to the security firm Websense, deepwater.com, the key website of the deep-water drilling company Transocean, is hosting malware after the site was hijacked.
UPDATE: The issue on the site deepwater.com has now been fixed.
Notably, Transocean is a global contractor, based in Switzerland, for large-scale offshore drilling. It hires out floating drilling rigs that gas and oil companies around the world use.
According to researchers, the attack code hosted on deepwater.com attempts to plant malicious software on the computers that visit the website. They discovered at least 2 different attacks, triggered from many pages of the website, that abuse known security flaws in Adobe's Flash Player and Microsoft's IE web browser.
Some web pages hosting attack code have been added to the hijacked web server. The top page of deepwater.com contains iframes that point to a few of these new pages, which exploit the vulnerability CVE-2011-1255. The vulnerability reportedly impacts versions 6-8 of Internet Explorer, for which security patches were issued on 14th June 2011, and the Flash Player, for which a patch was introduced on 5th October 2010.
Websense reported that of the 44 most effective AV products, merely 16% were able to identify the latter attack code.
In fact, there is something unusual about this attack: a single server was used to host the attack code, whereas drive-by attacks ordinarily rely on externally hosted malware. This indicates that RFI (remote file inclusion) was used instead of the typical SQL injection technique.
Patrik Runald, Senior Manager for Websense's security research, said that approximately 26 hours after the exploit was first identified, the attacks were continuing uninterrupted. He said by e-mail that the company did not know precisely how the compromise occurred. However, because the attackers were able to upload the attack code onto the web server, it was evident that the compromise did not involve an SQL injection attack, which normally causes redirection to an outside web server, he observed. The Register published this on August 25, 2011.
Meanwhile, to stay protected, security specialists advised Internet users to keep their software updated, particularly Adobe Reader, Flash Player and Java, which are accessible via the browser, and to always use an up-to-date AV solution.
» SPAMfighter News - 07-09-2011