Security Labs

Alerts


[UPDATED] Fiat Web Site Compromised

Date: 04.08.2009

Threat Type: Malicious Web Site / Malicious Code

Updated 4/10/2009: Correction, this is a Web site belonging to an independent Fiat dealership (not Fiat's official Web site). This compromised Web site is not hosted on Fiat's IT infrastructure.

Websense Security Labs™ ThreatSeeker™ Network has discovered that a Web site of an independent Fiat dealership in Singapore has been compromised and is infecting the machines of site visitors with malicious code. Malicious code, showing traits of the Luckysploit exploit kit, has been inserted into the main page of the site using an iframe. This iframe redirects to pages on a different host that contain malicious obfuscated JavaScript code.

This code takes advantage of the MS Snapshot Viewer exploit (CVE-2008-2463) and the Adobe Reader PDF exploit (CVE-2007-5659). Upon successful exploitation, further malicious files are downloaded and the infection is reported via a phone home to IP address 213.15[removed]. A rootkit is then installed on the user's machine.

The anti-virus detection rate for this malicious code is poor, as can be seen in the AV detection report.
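Because the injection described above is an iframe on the main page that points at a different host, a site owner can audit served pages for off-site iframes independently of anti-virus signatures. The following is an added example, not part of the original alert: the names `IframeAuditor` and `audit_iframes`, the hidden-frame heuristics (zero or one pixel size, hiding styles) and the `example.*` hosts in the constructed sample are assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Inline styles often used to hide an injected frame (assumed heuristic).
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)


class IframeAuditor(HTMLParser):
    """Collect iframes whose source host is not the page's own or allow-listed."""
    def __init__(self, page_url, allowed_hosts=()):
        super().__init__(convert_charrefs=True)
        self.page_url = page_url
        self.trusted = {urlparse(page_url).hostname, *allowed_hosts}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":  # tag and attribute names arrive lowercased
            return
        a = {k: (v or "") for k, v in attrs}
        src = urljoin(self.page_url, a.get("src", "").strip())
        host = urlparse(src).hostname
        if host is None or host in self.trusted:
            return  # same-site, allow-listed, or no network source
        dims = (a.get("width", "").strip(), a.get("height", "").strip())
        hidden = ("0" in dims or "1" in dims
                  or bool(HIDDEN_STYLE.search(a.get("style", ""))))
        self.findings.append({"src": src, "host": host, "hidden": hidden,
                              "line": self.getpos()[0]})


def audit_iframes(html, page_url, allowed_hosts=()):
    auditor = IframeAuditor(page_url, allowed_hosts)
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed sample page; hosts are reserved example names, not from the alert.
SAMPLE = """<html><body>
<iframe src="/showroom/map.html" width="400" height="300"></iframe>
<iframe src="https://video.example.org/embed/1" width="560" height="315"></iframe>
<IFRAME SRC="http://cdn.example.net/in.php" WIDTH=0 HEIGHT=0></IFRAME>
<iframe src="//stats.example.net/t" style="Display : None"></iframe>
</body></html>"""

if __name__ == "__main__":
    for f in audit_iframes(SAMPLE, "http://dealer.example.com/", {"video.example.org"}):
        print(f)
```

Any finding with an unfamiliar host warrants review even when `hidden` is false, since the allow-list is the only thing that separates a legitimate embed from an injected one.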

Websense®, Inc. has contacted Fiat to advise them of the issue.

Fiat has been in the news recently with press reports indicating a possible deal being discussed with the American car manufacturer Chrysler (link to news article).

Screenshot of the infected site:

Screenshot of the infected site source and the malicious payloads:

Websense Messaging and Websense Web Security customers are protected against this attack.