Security Researcher says KCNA Website has Illicit Software

The online activities of North Korea are being increasingly inspected following Federal Bureau of Investigation's condemnation of the country of undesirable act of hacking into the systems of Sony Pictures Entertainment back in 2014. Now there's fresh accusation by a security investigator that North Korea has planted malware on the KCNA (Korean Central News Agency) website a state-run news portal, published businessinsider.in dated January 13, 2015.

Calling himself by a pseudonym InfoSecOtter, the security researcher was first to unearth the malware. The discovery has been successfully copied at the online site Ars Technica, the latter states.

Actually just by accessing the KCNA site, nothing harmful occurs, but there could be problems when trying to load a "flash update" provided on it.

The site has certain file which looks like an update tool for Flash on Windows along with one web plug-in which's utilized to exhibit interactive graphics and video over the Net. However, by closely inspecting, one can find a familiar malicious software which contaminates the end-user's PC incase inadvertently loaded. Businessinsider.in reported this.

Once loaded, the malware records the end-user's activity while clandestinely transmits the logs back to its creator.

According to Senior E-Threat Analyst Bogdan Botezatu with BitDefender, a loose viewing of the malicious files indicates possible theft of passwords by the malware from the user's Web-browser. Computerworld.com published this, January 13, 2015.

It's possible the malware does other activities; however, that means extra time for a detailed assessment.

A speculation by some security analysts point to the attack as of "watering hole" kind aimed at Internauts desiring to maintain watch over North Korea.

Moreover, the term 'exploit' has multiple references within various directories and files on kcna.com along with another reference i.e. to a code which seemingly robustly produces Portable Document Files (PDF) advised to be taken down.

Several things about the attack aren't yet clear such as if the website has more exploits beside the illicit software which imitates Flash Player, therefore visitors must be cautious as well as examine if their PCs have the badware while adopt security measures during any future visit to kcna.com.

» SPAMfighter News - 1/20/2015