
Malware Infects Website of ASEAN-US Summit – F-Secure


Softpedia.com reported on 24th November, 2015, that F-Secure, a US-based cyber-security vendor, is reporting an incident that happened just a few days before the 3rd ASEAN-United States Summit on 21st November, 2015.

F-Secure says that, according to the data it collected, malicious actors compromised the website of the US-ASEAN (Association of Southeast Asian Nations).

According to the security researchers, a sub-domain of the Secretariat Resource Centre was affected: the hackers gained access to the server and added malicious code at the end of a JavaScript file. A copy of the compromised script file was also hosted on a remote IP and loaded as a backup (down now).

When this script was executed in a victim's browser, it redirected the user to the IP 43.240.119.35 (Hong Kong based), from which the "3rd ASEAN Defense Ministers' Meeting.rar" archive was downloaded to the user's PC.

If this archive is unpacked, it infects the computer with malicious spyware identified as Backdoor:W32/Wonknu.A.

The malware drops a copy of itself on the system as c:\programdata\kav.exe and then connects to 43.240.119.40:443. It works as a backdoor that can accept several commands.

The malware was first seen in August. At that time, it was downloaded from sft.spiritaero.com, a website of Spirit AeroSystems, one of the largest manufacturers of commercial aerostructures.

The malware poses as a Java file, specifically Javaw.exe version 6.0.0.105. The original Java file was altered to include malicious code, which downloads a file from 178.79.181.246. The downloaded file is then saved as Java_Down.exe on the affected machine. This link is also currently inaccessible.

F-Secure says it also found that this specific IP hosted Jquery.js.
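The indicators reported above (three IP addresses, the dropped file path and the two file names) can be swept for in proxy, firewall and endpoint logs. The following is an added example, not code from F-Secure or from the original article; the log format, host names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Indicators quoted in the article above.
IOC_IPS = {"43.240.119.35", "43.240.119.40", "178.79.181.246"}
IOC_STRINGS = (
    r"c:\programdata\kav.exe",
    "java_down.exe",
    "3rd asean defense ministers' meeting.rar",
)
# Whole dotted-quad tokens only, so 143.240.119.35 or 43.240.119.350 never match.
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

# Constructed sample telemetry; assumed layout: "timestamp host source detail...".
SAMPLE_LOG = r"""
2015-11-19T08:01:12Z ws-014 proxy GET http://43.240.119.35/3rd%20ASEAN%20Defense%20Ministers'%20Meeting.rar
2015-11-19T08:03:40Z ws-014 proc create C:\ProgramData\KAV.EXE
2015-11-19T08:03:44Z ws-014 fw allow tcp 10.0.4.14:50312 -> 43.240.119.40:443
2015-11-19T08:05:02Z ws-022 fw allow tcp 10.0.4.22:50100 -> 143.240.119.35:443
2015-11-19T08:06:10Z ws-022 proc create C:\Program Files\Java\jre6\bin\javaw.exe
2015-08-21T10:15:00Z ws-031 file write C:\Users\a\AppData\Local\Temp\Java_Down.exe
"""

def match_line(line):
    """Return the sorted indicators found in one log line."""
    # URL-decode and lowercase: proxy logs percent-encode spaces, and
    # Windows paths and file names are case-insensitive.
    text = unquote(line).lower()
    hits = {ip for ip in IPV4.findall(text) if ip in IOC_IPS}
    hits.update(s for s in IOC_STRINGS if s in text)
    return sorted(hits)

def sweep(log_text):
    """Map host (assumed to be the second field) to the indicators seen for it."""
    findings = {}
    for line in log_text.splitlines():
        fields = line.split()
        hits = match_line(line) if len(fields) >= 3 else []
        if hits:
            findings.setdefault(fields[1], set()).update(hits)
    return findings

if __name__ == "__main__":
    for host, iocs in sorted(sweep(SAMPLE_LOG).items()):
        print(host, sorted(iocs))
```

A legitimate javaw.exe in its normal install path is not flagged; only the dropped file names and network destinations named in the report are matched.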

Moreover, the website of the US-ASEAN summit is not the only famous website hijacked by scammers this month. During the second week of November, 2015, security firm Zscaler spotted a serious compromise on the website of the International Council for Women (ICW) which could make visitors vulnerable to data-stealing malware and ransomware. The compromised website deploys a malicious iframe at the time of a user's visit, leading the victim to a landing site for the malicious botnet Nuclear exploit kit.

» SPAMfighter News - 12/3/2015
