
April 6, 2008

Welsh government website serves malware


by Dave Nixon

A Welsh government website has been hacked to serve up malicious JavaScript, a sign that the wave of attacks first spotted last month is continuing, analysts from security vendor Sophos warned Friday.

The attack method is comparable to one that recently victimized pages within Trend Micro’s website, said Graham Cluley, senior technology consultant for Sophos.

Trend Micro’s website was one of up to 20,000 sites affected in mid-March, when hackers found a flaw in the server’s security that allowed them to embed malicious JavaScript.

If a user visits a contaminated page, the JavaScript kicks off a download of malicious code from another server. Sophos named the attack Troj/Badsrc-A.

In this particular case, the server that is hosting the malicious code is down, Cluley said. One possibility is that the server exceeded its permitted bandwidth due to a high number of downloads of the malicious code, which would indicate that many people could be infected, Cluley said.

Hacked websites are increasingly being used to infect PCs with malicious software. The attack method can be used to infect fully patched computers. Once the bad JavaScript runs, a user could be prompted to download a piece of software, which the victim may believe they require in order to access the legitimate website, but the software is in fact harmful.

In other cases, the JavaScript could launch an attack that seeks to exploit vulnerabilities in, for example, QuickTime, Cluley said. Earlier this week, Apple issued 11 patches for its media player. JavaScript could launch QuickTime, and if the application isn’t patched, the PC could be infected.

The Welsh site is one of hundreds upon hundreds of sites that Sophos has catalogued as contaminated. The vendor chose to publicize its findings on the Welsh site to make a point about how apparently legitimate sites are being affected by this latest round of attacks, Cluley said.

One sure way to block this kind of attack is to use the Firefox browser with the NoScript extension. NoScript blocks the execution of JavaScript, Java and Flash in the browser, which hackers are using to get into machines.

NoScript hinders the function of legitimate websites that use JavaScript and those plug-ins, but users have the option of whitelisting safe sites. Both the extension and Firefox are free. In the case of the Welsh website, NoScript would block the attack, Cluley said.

Sophos has contacted the organisation responsible for the website but has yet to receive a response, he said.
