Explore the latest news and trends  

Keep yourself up to date with one of the following options:

  • Explore more news around Spam/Phishing, Malware/Cyber-attacks and Antivirus
  • Receive news and special offers from SPAMfighter directly in your inbox.
  • Get free tips and tricks from our blog and improve your security when surfing the net.
Go

Hacked Website of UK Landmark Delivers Malware

The Website of the Forth Road Bridge, a famous landmark in the UK, has been torn open to serve malicious code, security experts at Roundtrip Solution, a Scottish security agency reported. TechWorld published this in news on February 7, 2008.

The security agency said that the Website currently contained an 'obfuscated' JavaScript code designed with the Neosploit Crimeware Toolkit. The site was also serving porn pop-up windows, the agency's blog reported.

A careful study of the hacked site revealed the detailed mechanism used in the strategy. Roundtrip revealed that it was fairly easy to find the exploit code as the JavaScript exposed it like a bruised thumb. The Register published this on February 7, 2008.

Roundtrip added that the code connected the browser to a Turkish server having an Internet Protocol (IP) address 88.255.90.130. The server would mainly send instructions to view the BBC Website, but sometimes, it installed another JavaScript code that could have harmed in just any way.

According to Roundtrip, the real code occasionally installs an even dangerous JavaScript payload to do anything its creators desired.

The bloggers presume that the hack uses more than an embedded code. They think some other thing on the server stands compromised permitting to view the Forth Estuary Transport Authority (FETA) Website. According to them, the workstation computer of a FETA Website developer has been compromised that permitted hackers to acquire username and password of the FTP by applying a keylogger.

Finjan, a security vendor, has confirmed that the hack is genuine. Yuval Ben-Itzhak, CTO of Finjan, said that the exploit code contained an obfuscated JavaScript, a mechanism the vendor indicated in its Q4 2006 report about trends of Web security, as reported by TechWorld on February 7, 2008.

Ben-Itzhak added that any obfuscated code or similar kind of sophisticated hacking techniques could be prevented if businesses include real-time products for content inspection that would help analyze any code embedded on Web pages and to take care of it before it strikes the end-user system.

Meanwhile, FETA shut down its Website on February 6, 2008 (after being informed of potential issue) to bring it back late afternoon the same day after rebuilding it.

Related article: Hacked Mall Websites Leave Little Impact on Business

ยป SPAMfighter News - 18-02-2008

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Exchange Anti Spam Filter
Go back to previous page
Next