Web-Site Defacements

Recently I came across an interesting site (www.zoneh.com) that displays statistical information on web page defacement. It also shows information on the sites that were hacked and provides a mirror to them.

 

However; some of these “defacement” sites are questionable and some contain “iframe” exploits; in our case a malicious packer was included in one of the mirrored sites hacked.

 

This particular site belonged to a branch of the Brazilian Government.

 

hackedsite.jpg

 

When I clicked on the domain “xxx.pr.gov” on the title bar shown above I was redirected to a mirror in which the hacked site was displayed. Furthermore; the Panda Security permanent protection notified me of the potential iframe and packer trying to attack my machine (this is an example of using generic unpacking routines to detect malware using packers).

 

 Further examination of the site shows an iframe tag that appears to be obfuscated and heavily garbled.

 

iframe.jpg

 

Hackers have become increasingly sophisicated and are using new techniques to evade anti-virus analysis. Packers are one of them. 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: