VPNの脆弱性に関する不安が広がっています。ZPAの60日間無料トライアルを利用して、VPNからの移行のメリットをお確かめください。

Zscalerのブログ

Zscalerの最新ブログ情報を受信

購読する
セキュリティリサーチ

Red Cross Hacked Again!!!

image
THREATLABZ
8月 12, 2010 - 2 分で読了
It seems as though attackers are fond of Red Cross sites as this isn’t the first time that we’ve blogged about a compromised Red Cross site. The victim this time was the Red Cross of Serbia. Previously, they hacked the site by simply injecting a malicious iframe. Injecting malicious content into static pages on the server side seems to be an emerging trend. Let’s analyze how it was done this time.

Screen-shot of the homepage:

ImageScreen-shot of “http://www.redcross.org.rs/” source code:

Image

Some of the infected JavaScript files are,
http://www.redcross.org.rs/java3/menu_common.js
http://www.redcross.org.rs/java3/menu123.js
http://www.redcross.org.rs/java3/fw_menu.js

 

A simple Google search on the domain “obscurewax.ru” suggests that this domain has been used in other attacks as victims can be seen discussing similar injected code on various forums and similar files have been submitted to online malware analyzers. We have also observed that many sites are still infected by the same malicious script. F

 

Although the injected JavaScript file “hxxp://obscurewax.ru/Kbps.js” is no longer accessible, this same file has appeared on other domains. Even though the malicious code is no longer being delivered, it is possible that the vulnerability that led to the attack has not yet been patched and further infection could occur, or the existing malicious content could become active once again. Notifications are being sent to Redcross.

 

Pradeep

 

 

 

 

 

form submtited
お読みいただきありがとうございました

このブログは役に立ちましたか?

dots pattern

Zscalerの最新ブログ情報を受信

このフォームを送信することで、Zscalerのプライバシー ポリシーに同意したものとみなされます。