Assault on United Nations Web site claims innocents

Visitors drafted for botnet army, exposed to identity theft and fraud

The United Nations (UN) is the latest victim in a string of hacking attacks aimed at identity and credit card theft, and building botnet hordes.

The attack on the UN Asia Pacific Web site is believed to originate from the same group responsible for attacks on the US-based Biotechnology Information Organization and the prominent Indian Syndicate Bank.

The financially-motivated incursions, launched from the same remote location, infected a server common to all three Web sites and downloaded a Trojan to visitor computers via drive-by attacks.

A keylogger and a Trojan were download to visitor computers, flagged by an online scanner as positive to multiple Microsoft vulnerabilities, via hidden Java iFrames which is an old trick to refer visitors to a compromised server.

The Trojan maintains a backdoor, allowing attackers to monitor and hijack user machines to steal valuable user data, and turn the computer into a zombie as part of a botnet horde.

Websense Australia and New Zealand country manager, Joel Camissar, said such attacks exploit remote servers with weak security and typically target common brand names to maximize exposure.

"The groups will target ISPs which don't have sufficient security, common brands of servers, and servers in locations without tight controls or law enforcement," Camissar said.

"Typical scanners [used in attacks] only scan for one vulnerability but this looked for multiple exploits.

"We informed the authorities who's job it is to pursue them, shut down their servers and bring them to justice."

The attack executed the malicious e.js JavaScript file to create two additional iframes, and did not trigger any Java or anti-virus alerts.

Websense discovered the attack on The United Nations Aids and HIV Web portal after scanning 600,000 Web pages as part of routine malware detection.

Camissar said it is unknown if the group is responsible for more attacks.

More about: Exposure, Microsoft, United Nations, VIA, Websense

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the Computerworld comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Whitepapers
Latest Stories
Community Comments
Whitepapers
All whitepapers
Sign up now to get free exclusive access to reports, research and invitation only events.
Featured Download
/downloads/product/165/billings/

Billings

Billings allows you to present clients with professional looking invoices. There are 30 templates to choose from and you can add your own logo and ...

Computerworld newsletter

Join the most dedicated community for IT managers, leaders and professionals in Australia