HACKED : Indian Institute of Remote Sensing Website Hacked

HACKED : Indian Institute of Remote Sensing Website Hacked

Malicious exploit-loading JavaScript code injected in its pages

By Lucian Constantin, Web News Editor

30 June 2009

http://news.softpedia.com/news/Indian-Inst...ed-115437.shtml



Security researchers from web security vendor Finjan report that the website of India's Institute of Remote Sensing has been compromised by hackers. An injected IFrame loads exploits from the LuckySploit attack toolkit against visitors.



"Last week, we detected that another website from the Government of India 'iirs-nrsa.gov.in' was compromised by cybercriminals who use it as a malicious code distribution channel," the Finjan malware analysts announce.



The pages of the website have been infected with obfuscated JavaScript that inserts a rogue IFrame. The IFrame is subsequently used to load malicious code from a third-party server and attempts to exploit the website's visitors. "The IFrame created by this script points to malicious content hosted on server in Texas armed with the LuckySploit attack toolkit," the researchers explain.



LuckySploit uses a collection of exploits for vulnerabilities in the operating system, browsers or other popular software such as Adobe Flash and Adobe Reader. After obtaining access to the server, the analysts looked at the referrer statistics from the LuckySploit administration panel. According to these, iirs-nrsa.gov.in had 500 hits from 157 unique users since it was compromised. Despite these relatively low numbers, the successful infection rate is pretty high, situated at 17,8% (28 users).



What's even more worrying is the total number of successful infections (11,798) on all the websites compromised by this group of hackers. The Finjan security researchers warn that, "The exploit page was detected by only 4 out of 40 AV engines at Virus Total."



Last month, the security vendor reported a similar infection, using the Fiesta attack toolkit, on another Indian government website, belonging to the Union Public Service Commission. "We notified CERT India about this issue; trusting that the problem will be fixed soon," the company noted, regarding this latest incident.



Back in January, we reported that the website belonging to the Indian Embassy in Spain had been compromised in a similar way, while later, in February, India's Ministry of External Affairs was confronted with a serious security breach after spyware was found on its network.