IEC Web Site Compromised


Threat Type: Malicious Web Site / Malicious Code

Websense Security Labs™ ThreatSeeker™ Network has discovered that a subdomain of the International Electrotechnical Commission (IEC) Web site has been compromised. The IEC is an international standards organization that prepares and publishes International Standards for all electrical, electronic, and related technologies. Member countries include Japan, Australia, U.S.A., central European countries, and numerous others.

Screenshot of the IEC homepage:

The infected subdomain belongs to the TC26 group. Unprotected users would be subjected to the execution of obfuscated JavaScript that redirects to an exploit site hosting exploits for Internet Explorer, QuickTime, and AOL SuperBuddy. Successful execution of the exploit code results in a drive-by download, which installs a backdoor on the compromised machine. Major antivirus vendors are not detecting this payload.

Screenshot of the infected subdomain:

Screenshot of the de-obfuscated code:

Websense® Messaging and Websense Web Security customers are protected against these threats.