Explore the latest news and trends  

Sign up for our weekly security newsletter


Be the first to receive important updates on security





Send

Hacked Website of UK Landmark Delivers Malware

The Website of the Forth Road Bridge, a famous landmark in the UK, has been torn open to serve malicious code, security experts at Roundtrip Solution, a Scottish security agency reported. TechWorld published this in news on February 7, 2008.

The security agency said that the Website currently contained an 'obfuscated' JavaScript code designed with the Neosploit Crimeware Toolkit. The site was also serving porn pop-up windows, the agency's blog reported.

A careful study of the hacked site revealed the detailed mechanism used in the strategy. Roundtrip revealed that it was fairly easy to find the exploit code as the JavaScript exposed it like a bruised thumb. The Register published this on February 7, 2008.

Roundtrip added that the code connected the browser to a Turkish server having an Internet Protocol (IP) address 88.255.90.130. The server would mainly send instructions to view the BBC Website, but sometimes, it installed another JavaScript code that could have harmed in just any way.

According to Roundtrip, the real code occasionally installs an even dangerous JavaScript payload to do anything its creators desired.

The bloggers presume that the hack uses more than an embedded code. They think some other thing on the server stands compromised permitting to view the Forth Estuary Transport Authority (FETA) Website. According to them, the workstation computer of a FETA Website developer has been compromised that permitted hackers to acquire username and password of the FTP by applying a keylogger.

Finjan, a security vendor, has confirmed that the hack is genuine. Yuval Ben-Itzhak, CTO of Finjan, said that the exploit code contained an obfuscated JavaScript, a mechanism the vendor indicated in its Q4 2006 report about trends of Web security, as reported by TechWorld on February 7, 2008.

Ben-Itzhak added that any obfuscated code or similar kind of sophisticated hacking techniques could be prevented if businesses include real-time products for content inspection that would help analyze any code embedded on Web pages and to take care of it before it strikes the end-user system.

Meanwhile, FETA shut down its Website on February 6, 2008 (after being informed of potential issue) to bring it back late afternoon the same day after rebuilding it.

Related article: Hacked Mall Websites Leave Little Impact on Business

ยป SPAMfighter News - 2/18/2008

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page
Next