Hacked Embassy Websites Delivering Malware


It seems like malware pushers have found another avenue to delivery their payloads, Embassy websites. Which makes sense as they are probably not maintained well nor updated often meaning the chance they are easily compromised is quite high.

Plus a lot probably use off the shelf CMS software, which when not updated is a playground for hackers.

Add embassy websites to the growing list of hacked internet destinations trying to infect visitor PCs with malware.

Earlier this week, the site for the Netherlands Embassy in Russia was caught serving a script that tried to dupe people into installing software that made their machines part of a botnet, according to Ofer Elzam, director of product management for eSafe, a business unit of Aladdin that blocks malicious web content from its customers’ networks. In November the Ministry of Foreign Affairs of Georgia and Ukraine Embassy Web site in Lithuania were found to be launching similar attacks, he says.

Again it just goes to show that a lot of malicious attacks are based around human elements, in this case trust. People will naturally trust an Embassy website, so if you embed it with a message to download some kind of protective software…a lot of people will do it.

Frequently, the compromised websites launch code that scours a visitor’s machine for unpatched vulnerabilities in Windows or in applications such as Apple’s QuickTime media player. Such was the case in two recent hacking sprees that affected hundreds of thousands of sites, including those of mom-and-pop ecommerce companies and the City of Cleveland.

But in the case of the Netherlands Embassy, the attackers simply included text that instructed visitors to download and install the malware. Of course, no self-respecting Reg reader would fall for such a ruse. But sadly, Elzam says, because the instruction is coming from a trusted site, plenty of less savvy users do fall for the ploy. Saps.

Again we can just educate and spread the news, tell people not to trust any web sites if possible, use md5 hashes, use trusted sources, scan for the viruses etc..

Trust no one! (Except me of course *evil laugh*).

Source: The Register

Posted in: Malware, Spammers & Scammers, Web Hacking

, , ,


Latest Posts:


Karkinos - Beginner Friendly Penetration Testing Tool Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.
Vulhub - Pre-Built Vulnerable Docker Environments For Learning To Hack Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack
Vulhub is an open-source collection of pre-built vulnerable docker environments for learning to hack. No pre-existing knowledge of docker is required, just execute two simple commands.
LibInjection - Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks.
Grype - Vulnerability Scanner For Container Images & Filesystems Grype – Vulnerability Scanner For Container Images & Filesystems
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based OS.
APT-Hunter - Threat Hunting Tool via Windows Event Log APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs.


7 Responses to Hacked Embassy Websites Delivering Malware

  1. Pantagruel January 24, 2008 at 11:27 am #

    .. Earlier this week, the site for the Netherlands Embassy in Russia was caught serving a script that tried to dupe people into installing software that made their machines part of a botnet…

    blush, I was expecting the Embassy to spent more time and funds on their website safety, especially since they route you to their website for info and documents on visa application. You feel rather stupid knowing that the Dutch community money spent, boils down to an ‘out of the box’ CMS install riddled with holes.

  2. Nobody_Holme January 24, 2008 at 4:28 pm #

    wait… darknet, have you sneakily turned us all into botnet drones? *le gasp*
    anywho… yeah. more evidence that theres people out there getting smarter with their attack vectors.

  3. goodpeople January 24, 2008 at 4:41 pm #

    Another perfect example of how we, the Dutch, manage to keep life simple. We simply ask the visitors of our websites to install the malware we are spreading.

    Makes me think of that Belgian “ik houd van u” computervirus. The instructions were simple:

    1. send these instructions to everyone in your address book.
    2. type “echo y | format c: /u” from the command prompt
    3. say the words “ik houd van u” aloud.

    (american readers might want to substitute Belgian for Polish)

  4. mumble January 24, 2008 at 10:27 pm #

    @goodpeople
    This reminds me of the “I Love You” sympathy virus, which asks Unix users to send itself to all their address book entries and delete half a dozen random Jpegs.

    As far as the embassy is concerned, this is a Kevin Mitnick… There’s no patch for human stupidity – neither that of the embassy nor that of the users. It’s unfortunate, but people only learn the hard way.

  5. eM3rC February 7, 2008 at 5:53 am #

    Of all sites it seems like embassy and other government sites should be more secure. I have seen on a couple of black hat forums hackers getting into government sites and stealing the vital information.

    It would be pretty funny if these scripts were part of the governments attempt to remove hacking software from the UK.

  6. J. Lion February 11, 2008 at 11:07 pm #

    it could be the governments joint venture to install global Big Brother network

  7. eM3rC February 12, 2008 at 2:06 am #

    @J. Lion
    I dont think countries like the US would be able to pass legislature to pass a law like this. Patriot Act was iffy but this is going to far.