|
New Delhi: A second Indian government website-operated by the Institute of Remote Sensing-has been compromised for malware purposes, said Finjan.
News that the site has been hacked by cybercriminals came after Finjan reported that the Government of India portal was hacked back in May this year.
“This latest hack is interesting on two fronts. First the attack has happened despite the Indian government stepping up security on its hosting servers. And secondly, the cybercriminals have added a script into the site that adds an iFrame attack to the page,” said Yuval Ben-Itzhak, CTO, Finjan.
“The page then re-routes to a LuckySploit-infected server in Texas that fires off multiple attacks across the Internet. Early reports suggest that the site hack and re-route has infected several thousand Internet users,” he added.
According to Ben-Itzhak, the LuckySploit toolkit uses a variety of methods to infect users and is notable for using a complex encryption system to hide what it is doing.
The bad news about this exploit is that the infected pages are only detected by four out of 41 anti-virus engines on the Virustotal.com code checking portal.
“Finjan's malicious code research team has notified the Indian CERT operation about the problem, which we hope will be fixed shortly,” said Ben-Itzhak.
“More than anything, this infection teaches us that any site can be compromised and serve malicious code without the site owner knowledge. This is why web protection utilizing real-time content inspection is needed for businesses to prevent such attacks and keep their valuable data away from hackers,” he said.
“Individual users should also consider installing a URL-checking browser plugin such as Finjan's free-to-use SecureBrowsing tool,” he added. Page(s) 1
| 
