Hacker Exposes Visitors to Malware on French Embassy Website

A warning from security experts suggests that users should not access a website of the French embassy because one of its pages contains malicious code. The attack occurred on the Libyan edition of the site.

Experts point out that the harmful code is planted on the page in the form of an iFrame code. Such a code adds to the site another page, an invisible one that launches a complex connection.

The iFrame on the embassy site is linked to a Hong Kong site, which has its own iFrames to connect to yet another site hosted in the Ukraine. This third site tries to exploit a browser hole to drop malware onto the user's PC.

Francois Paget, researcher at McAfee Avert Labs, wrote on a blog of McAfee how miscreants employ the method of using constantly running malicious sites to launch attacks that are difficult to thwart. Vnunet published this in news on December 14, 2007.

Paget added that it is particularly hard when a service provider allows a website to run without checking on the inferior data the miscreants enter at the time of registering.

Information and security manager Dave Marcus for McAfee said the inferior data is there simply to inject malicious code to the victim's system. ChannelWebNETWORK published this on December 15, 2007. Marcus added the whole thing happens so surreptitiously that no one notices it.

He said after compromising the user's browser, the downloader programs would plant a variety of malware to achieve wide ranging purposes.

Researchers at McAfee said that the latest attack is linked to Muammar Khadafi, the Libyan dictator's forthcoming visit to France, which has a number of controversies surrounding it.

The attacks have been compared to the 'Italian Job' attacks where recreation and travel sites were exploited to inject malware on unwitting users. The hackers had embedded JavaScript codes onto those sites to connect their browsers to various drive-by exploits being hosted on servers that resulted in malware downloads on victims' systems.

McAfee Avert Labs is advising people to avoid the website of the French embassy in Libya as the site maybe still infected.

Related article: Hacker & Virus in MySpace

» SPAMfighter News - 12/29/2007