Compromised Site: Embassy of Portugal in India

Date: 03.20.2009

Threat Type: Malicious Web Site / Malicious Code

Websense® Security Labs™ ThreatSeeker™ Network has discovered that the official Web site of the Embassy of Portugal in India has been compromised and is infecting the machines of site visitors with malicious code. Malicious code has been inserted into the main page of the site via multiple iframes. These iframes redirect to pages on different hosts that contain malicious obfuscated JavaScript code that takes advantage of the following exploits: VMLRender exploit (MS07-004), 2007 WinZip FileView ActiveX CreateNewFolderFromName method exploit (CVE-2006-6884), Apple QuickTime RTSP exploit (CVE-2007-0015), MS Internet Explorer WebViewFolderIcon exploit (CVE-2006-3730), Internet Explorer (MDAC) Remote Code Execution exploit (MS06-014), and Adobe Reader PDF exploit (CVE-2007-5659).
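A site owner can catch this kind of injection by auditing the pages the server actually delivers for iframes that point to other hosts. The following is an added example, not Websense code and not markup from the incident; the sample page, the `.example` hosts, the `audit` helper, and the hidden-frame heuristic are all assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample: one legitimate same-site frame and two injected off-site frames.
# Hosts use the reserved .example TLD; none of this markup comes from the real incident.
SAMPLE_PAGE = """
<html><body>
<h1>Embassy home page</h1>
<iframe src="/events/calendar.html" width="600" height="400"></iframe>
<iframe src="http://host-a.example/in.html" width="0" height="0"></iframe>
<iframe src="http://host-b.example/x/index.php" style="display: none"></iframe>
</body></html>
"""

class IframeAuditor(HTMLParser):
    """Collect every <iframe> whose src resolves to a host outside the trusted set."""

    def __init__(self, page_url, allowed_hosts=()):
        super().__init__()
        self.page_url = page_url
        self.trusted = {urlparse(page_url).hostname, *allowed_hosts}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        # Resolve relative and protocol-relative URLs against the page before comparing hosts.
        host = urlparse(urljoin(self.page_url, a.get("src", ""))).hostname
        if host is None or host in self.trusted:
            return
        # Assumption: injected frames are often made invisible (zero size or CSS-hidden).
        style = a.get("style", "").replace(" ", "").lower()
        hidden = (a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                  or "display:none" in style or "visibility:hidden" in style)
        self.findings.append({"host": host, "src": a["src"], "hidden": hidden})

def audit(html, page_url, allowed_hosts=()):
    """Return a list of off-site iframe findings for one fetched page."""
    auditor = IframeAuditor(page_url, allowed_hosts)
    auditor.feed(html)
    return auditor.findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_PAGE, "http://embassy.example/"):
        print(finding)
```

Run against a baseline of known-good pages, any new off-site host in the findings is a signal to inspect the page source; hosts that are legitimately embedded go in `allowed_hosts`.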

The Embassy of Portugal in India provides visitors with brief information about bilateral relations between the countries, related news and events, tourism, and consular information.

Websense ThreatSeeker Network has been tracking how this type of attack is carried out successfully against such reputable Web sites, targeting their peers and other visitors.

Screenshot of the infected site:

Screenshot of the infected site source, and the malicious payloads:

Websense Messaging and Websense Web Security customers are protected against this attack.