Hackers Compromise Jerusalem Post Website To Spread Malware

According to the news reports published in The Register on June 8, 2010, hackers hijacked the online site of Jerusalem Post on June 7, 2010 to spread offensive malware.

Paul O Baccas, Researcher at SophosLabs, states that originally he thought that a stream of hijacked adverts or a popup window was responsible for the installation of the malware. But when he carefully investigated the problem, he found the typical indications that suggested hackers disrupting the function of the website, according to Baccas on a personal blog that SophosLabs Blogs published on June 7, 2010.

To make the attack work, hackers inserted malicious scripts into the website following which they tried to dump harmful software on Windows computers that accessed the website.

Internet security company Sophos, which was one of the foremost for documenting the assault, explained the attack's methodology. According to the company, the malevolent script is identified as Mal/Badsrc-C which tries to plant more harmful scripts that Sophos identified as Troj/ExpJS-N and Mal/JSShell-B. Eventually, the attack has attempted to plant an EXE (log.exe) identified as Mal/Behav-290.

The Sophos researchers state that Mal/Behav-290 is characterized with running of its own as well as connecting with the Internet so that it can establish a communication with a distantly located server through HTTP.

Baccas concedes that the assault is likely the work of opportunists instead of any response to high tension across the Middle East since the recent deaths of members on boats heading towards Gaza, as reported by The Register on June 8, 2010.

Baccas further says that in the existing situation, some people may think that a politically motivated hacker have executed the attack. But the experience suggests that these types of hacks take place through a scattergun strategy and just as the security of the website was bad, so was luck unfavorable for the Jerusalem Post that resulted in its victimization, he adds.

According to the security researchers, users shouldn't access the website since that could damage their PCs. Moreover, they should deploy a good antivirus program and always keep it up-to-date so that they can avoid getting victimized with the malware attack.

Related article: Hackers Redirect Windows Live Search to Malicious Sites

» SPAMfighter News - 6/16/2010