China Internet Security Response Team attacked

Although China has been accused of government-backed attacks (against New Zealand in particular), China itself has been attacked: one of the country's internet security sites (or at least a few pages of it) contains malicious code. The particular malicious code in the website is an iFrame, or a hidden window, which allows code such as JavaScript to run on a web-surfer's PC.
The CISRT (Chinese Internet Security Response Team) claims that the code works because of vulnerabilities in ActiveX, one of BaoFeng Storm media player's controls. It uses the iframe to load scripts and download other malware on the system. One of these downloaders is named “sms.exe.”

The CISRT has apologized for the problem on its blog. How the code made its way to the security site is unclear. The CISRT speculate that it may have been an Address Resolution Protocol attack, one that infects data sent from a PC. Curiously enough, visitors are infected only intermittently.

“This is actually quite an interesting method that will extend the useful life of a hack by making it harder to isolate and investigate,” the security company S{nnet Beskerming Pty. Ltd.said in its blog. “With intermittent attacks on visitors, it also means that investigators need to look at all of the intermediate connections between site visitors and the Web site.”


Files
Software
Compare
Like us on Facebook