Volexity - Websites of Pro-Democracy in Hong Kong Compromised

Computerworld.in reported on 13th October, 2014 quoting Volexity, a security company based at Washington D.C. as "In Hong Kong, four websites which promote democracy, have been rigged to spread malicious software."

Computerworld.in reported on 13th October 2014 quoting Steven Adair, Founder of Volexity, as saying "Findings reveal that rebellious groups particularly those looking for more freedom are targeted more frequently for surveillance and extraction of information."

Security experts have observed slight increase in attacks targeting activists who have demonstrated in Hong Kong to protest against restrictions placed by China on election for Chief Executive of the territory in 2017.

The websites are the association of True Democracy (ATD), People Power in Hong Kong, the Democratic Party Hong Kong (DPHK) and The Professional Commons and according to Adair browsing to these websites is not advised because some attacks are still alive.

Adair wrote that both DPHK and ATD websites planted code pulling a suspected script from a different domain known as "java-se.com" that has been linked to nasty activity before and the domain was also used to attack www.nikkei.com in early September.

The researchers investigated and find themselves in association with People Power, which is popular for its democratic stand.

Volexity analyzed the website and discovered malicious iframes directing to exploit webpages and the malicious links have been cut via the Chinese URL and cut service 985.so.

The researchers discovered four links of this type out of which three direct to exploits hosted on the same IP address.

Softpedia.com published a report on 13th October, 2014 quoting Adair as saying "The pages carry scripts profiling the system for different software, plugins and other associated information and also carry Java exploits which is crafted to install malware on the system of the target. If it becomes success, the exploits shall install either a 64-bit or a 32-bit version of the malware."

The Professional Commons website is slightly unclear as it contains a suspicious iframe which guides to a page of a website of a South Korean Hotel. However, the landing webpage doesn't exist and a redirect to the core webpage is executed.

» SPAMfighter News - 10/21/2014