It’s not just banks that hackers deploy phishing attacks against; hackers have also been seen attacking other payment processing services such as MoneyGram, Equifax, Western Union, etc., as a way of profiting by harvesting personal details.
Recently I came across an interesting site (www.zoneh.com) that displays statistical information on web page defacement. It also shows information on the sites that were hacked and provides a mirror to them.
However, some of these “defacement” sites are questionable and some contain “iframe” exploits; in our case, a malicious packer was included in one of the hacked sites that was mirrored.
This particular site belonged to a branch of the Brazilian Government.
When I clicked on the domain “xxx.pr.gov” on the title bar shown above, I was redirected to a mirror in which the hacked site was displayed. Furthermore, the Panda Security permanent protection notified me of the potential iframe and packer trying to attack my machine (this is an example of using generic unpacking routines to detect malware using packers).
Further examination of the site shows an iframe tag that appears to be obfuscated and heavily garbled.
Hackers have become increasingly sophisticated and are using new techniques to evade anti-virus analysis. Packers are one of them.
In the last few hours we have observed a high-profile hack in progress, which supposedly infected 10,000 web-sites with a script-based attack used to launch and execute malicious code. According to reports from several leading security firms, the hack was orchestrated in a similar fashion to how the Miami Dolphins site was used to serve up malicious code to its viewers.
The web-sites supposedly pointed to a file which then executed malicious code on the user’s PC.
In the world of cyber-crime, which is driven by an underground economy, more and more of these web-based attacks will emerge, targeting specific populations and, in some cases, the security vendor itself, as seen recently with one of the top three security vendors in the world.
Because the attack was part of a global effort by hackers, we suspect that perhaps hundreds or even thousands of users could have already been infected by the Trojan from different sites across the globe.
Today’s hackers are in it for the profit, so we recommend that consumers and business users alike check their PCs for malicious code before doing any online commerce that could be associated with this attack, the extent of which is uncertain. Today’s incident begs the question: what percentage of the Internet may already be laced with crime-ware?
For further information on how you can avoid becoming infected, please visit: http://pandasecurity.notlong.com