13 September 2007
US Consulate in Russia attacked by hackers, reports Sophos

Cybercriminals planted malicious code on website

Fraser Howard, principal virus researcher at Sophos, has written about the attack on the SophosLabs blog.
IT security and control firm Sophos has reported on its blog that webpages of the US Consulate General in Saint Petersburg, Russia, were compromised by hackers earlier this week. The infected pages have since been cleaned up.
The attack was part of a larger campaign by cybercriminals in which vulnerable web servers were targeted. This resulted in more than 400 webpages around the world being infected over the last week. The majority of the compromised pages were hosted in Russia.
"This latest attack highlights the fact that no organization is immune from infection, and that no matter what the size of the company, it must defend its webpages fully to avoid being stung," said Fraser Howard, principal virus researcher at SophosLabs™. "The hackers have reeled in a big fish on this occasion and will no doubt be very pleased with their catch of the day. Unfortunately, while high profile sites such as the US Consulate can be cleaned up quickly, we are seeing a dangerous number of companies that are failing to act responsibly to retain the sanctity of their sites."
By retrieving a copy of one of the infected Consulate pages from an internet cache, Sophos experts were able to identify that the cybercriminals had planted malicious code known as Mal/ObfJS-C, which then attempted to load further malware from a remote server. This malware includes an additional malicious script that attempts to exploit several browser vulnerabilities in order to install a Trojan horse that could be used to steal business-critical data and personal details.

The website of the US Consulate in St Petersburg, Russia, was infected with malicious code.
Sophos recently published a technical paper by Fraser Howard providing an overview of modern malware that uses the web to attack victims. Example attacks are used to illustrate some of the tricks and techniques used by hackers. The roles of "attack sites" and compromised sites are discussed together with some of the technologies that can be used to provide protection.
- Learn more about modern web attacks in this technical paper by Fraser Howard
- Read the SophosLabs blog entry about the attack on the US Consulate General's website in St Petersburg
- Read about how Sophos Web Security and Control can help defend you against web-borne threats
Sophos advises companies to deploy good generic detection technology to thwart web attacks of this kind. Sophos further recommends companies protect themselves with a consolidated solution which can control network access and defend against the threats of spam, hackers, spyware and viruses.
About Sophos
Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com

