Web-Site Defacements

Recently I came across an interesting site (www.zoneh.com) that displays statistical information on web page defacements. It also shows information on the sites that were hacked and provides a mirror of them.

However, some of these “defacement” sites are questionable, and some contain “iframe” exploits; in our case, a malicious packer was included in one of the mirrored hacked sites.

This particular site belonged to a branch of the Brazilian Government.

[Image: hackedsite.jpg]

When I clicked on the domain “xxx.pr.gov” on the title bar shown above, I was redirected to a mirror in which the hacked site was displayed. Furthermore, the Panda Security permanent protection notified me of the potential iframe and packer trying to attack my machine (this is an example of using generic unpacking routines to detect malware using packers).

Further examination of the site shows an iframe tag that appears to be obfuscated and heavily garbled.

[Image: iframe.jpg]

Hackers have become increasingly sophisticated and are using new techniques to evade anti-virus analysis. Packers are one of them.
