Hackers Infected Three Embassy Websites to Spread Malware

Security investigators from Sophos are asking people to be wary of a harmful IFrame that has been inserted into the Ethiopian Embassy website in Washington. In Pakistan and Hungary, the Embassies of Republic of Azerbaijan have experienced a similar compromise of their websites.

Paul Baccas, Spam and malware Researcher at SophosLabs, UK, said on the company's official blog that the Ethiopian Embassy in Washington D.C. is a very important embassy of Ethiopia. A visitor to its site can notice all the typical indications of an IFrame assault, as reported by Softpedia on March 17, 2009.

Explaining the IFrame attack, the security experts at Sophos state that it tries to download a malicious program identified as Mal/ObfJS-BP from a website that Google calls an "exploit site."

It also comprises a malevolent JavaScript added to a website's page that tries to exploit security flaws in browsers. However, the security company has rated the malware's risk as "low" saying it affects only the Windows computers.

In the meantime, Dancho Danchev, an Independent Security Professional, reveals that the websites of Republic of Azerbaijan Embassies in Pakistan and Hungary suffered from the similar attacks, as reported by Sopftpedia on March 17, 2009. The attacks planted identical domains on the two embassies' websites hosted on a single IP, and diverted users to common client-side attack codes. These codes provide a URL operated by Russian cyber criminals, the researcher stated.

Danchev's alert is especially interesting since it follows the announcement by Chief Research Officer for AVG, Roger Thompson, in early March 2009. Thompson stated that malevolent attack code had been pushed inside the Azerbaijan page of the United States Agency for International Development Internet site namely azerbaijan.usaid.gov.

Security researchers state that malware distributors appear to be increasingly choosing to target embassy websites. For instance, during January end 2009, the Embassy of India in Spain had its website compromised. More websites that too have been compromised belong to the US Consulate in St. Petersburg, the Syrian Embassy in London, the Brazilian Embassy in India, the French Embassy in Libya and the Dutch Embassy in Moscow.

Related article: Hackers Redirect Windows Live Search to Malicious Sites

» SPAMfighter News - 3/23/2009