CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
April 4th, 2008

UK Government Website Hacked And Infected

A Welsh government Web site has been hacked to serve up malicious JavaScript, a sign that the spate of attacks first spotted last month are continuing, analysts from security vendor Sophos warned Friday.

The method of attack is similar to one that recently victimized pages within Trend Micro’s Web site. Trend Micro’s Web site was one of up to 20,000 sites discovered in mid-March where hackers found a weakness in the server’s security that allowed them to implant malicious JavaScript.

If a user visits an infected page, the JavaScript initiates a download of malicious code from another server. Sophos named the attack Troj/Badsrc-A.

In this case, the server that is hosting the malicious code is down. The reason might be an exceeded bandwidth due to a high number of downloads of malicious code, which would indicate that many people could be infected.

The Welsh site is one of hundreds of sites that Sophos has tagged as infected. The vendor chose to publicize its findings on the Welsh site to make a point about how seemingly legitimate sites are being affected by this latest round of attacks.

Share this article with others:

More on CyberInsecure:
  • Thousands Of Sites Infected In Renewed SQL Injection Attacks
  • UK Home Office Crime Reduction Website Hosted Italian Phishing Scam
  • Turkish Prime Minister Website Hacked In Prostest Of Pay Increase Proposal
  • SQL Attacks Still Inject Websites Including Government Sites In US, UK
  • Nepal Supreme Court Website Compromised And Became Porn Video Hoster

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: UK Government Website Hacked And Infected

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.