U.K. government site hacked

A Welsh government Web site has been hacked to serve up malicious JavaScript, a sign that the spate of attacks first spotted last month are continuing, analysts from security vendor Sophos warned last week.

The method of attack is similar to one that recently victimized pages within Trend Micro’s Web site, said Graham Cluley, senior technology consultant for Sophos.

Trend Micro’s Web site was one of up to 20,000 sites discovered in mid-March where hackers found a weakness in the server’s security that allowed them to implant malicious JavaScript.

If a user visits an infected page, the JavaScript initiates a download of malicious code from another server. Sophos named the attack Troj/Badsrc-A.

In this particular case, the server that is hosting the malicious code is down, Cluley said. One possibility is that the server exceeded its allowed bandwidth due to a high number of downloads of malicious code, which would indicate that many people could be infected, Cluley said.

Hacked Web sites are increasingly being used to infect PCs with malicious software. The attack method can be used to infect fully patched computers. Once the bad JavaScript runs, a user could be prompted to download a piece of software, which the victim may believe they need in order to access the legitimate Web site, but the software is actually harmful.

In other cases, the JavaScript could launch an attack that seeks to exploit vulnerabilities in, for example, QuickTime, Cluley said. Earlier this week, Apple issued 11 patches for its media player. JavaScript could launch QuickTime, and if the application isn’t patched, the PC could be infected.

The Welsh site is one of hundreds upon hundreds of sites that Sophos has catalogued as infected. The vendor chose to publicize its findings on the Welsh site to make a point about how seemingly legitimate sites are being affected by this latest round of attacks, Cluley said.

Absent using security software, one sure-fire way to block this kind of attack is by using the Firefox browser with the NoScript extension. NoScript blocks the execution of JavaScript, Java and Flash in the browser, which hackers are using to get into machines.

NoScript hampers the function of legitimate Web sites using JavaScript and those plugins, but users have the option of white listing safe sites. The extension, as well as Firefox, is free. In the case of the Welsh Web site, NoScript would block the attack, Cluley said.

Sophos has contacted the organization responsible for the Web site but has yet to receive a response, he said.

Related content:

Nuclear Safety Commission of Canada hacked

China denies Pentagon cyber-attack

Feds find porn distributors hack U.S. sites

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now