Fiat.com.sg Web Site Compromised, Infecting Site Visitors With Malicious Code
Websense Security Labs has discovered that the official Web site of Fiat in Singapore, fiat.com.sg, has been compromised and is infecting the machines of site visitors with malicious code. Fiat is an Italian automobile manufacturer and industrial group based in Turin, and it has been in the news recently with press reports indicating a possible deal being discussed with the American car manufacturer Chrysler.
The compromised Web site belongs to an independent Fiat dealership (not Fiat’s official Web site). It is not hosted on Fiat’s IT infrastructure. Malicious code, showing traits of the Luckysploit exploit kit, has been inserted onto the main page of the site using an iframe. This iframe redirects to the pages of a different host that contains malicious obfuscated JavaScript code.
This code takes advantage of the MS Snapshot Viewer exploit (CVE-2008-2463) and the Adobe Reader PDF exploit (CVE-2007-5659). Upon successful exploitation, further malicious files are downloaded and the infection is reported via a phone home to IP address 213.15[removed]. A rootkit is then installed on the user’s machine.
The anti-virus detection rate for this is poor as can be seen in the VirusTotal detection report:
CAT-QuickHeal – – Rootkit.Agent.ino
F-Secure – – Rootkit.Win32.Agent.ipg
Fortinet – – W32/Agent.IPG!tr.rkit
Ikarus – – Rootkit.Win32.Agent
Kaspersky – – Rootkit.Win32.Agent.ipg
Prevx1 – – Medium Risk Malware
ViRobot – – Trojan.Win32.RT-Agent.21632
Websense®, Inc. has contacted Fiat to advise them of the issue.
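A site owner can look for the kind of injected iframe described above by listing every iframe on a page whose source resolves to a host other than the site's own or an expected partner. The Python check below is an added example, not code from Websense or from the original report; the hostnames, the sample HTML and the allowed_hosts parameter are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class IframeCollector(HTMLParser):
    """Collect the src attribute of every <iframe> and <frame> tag."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names for us.
        if tag in ("iframe", "frame"):
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())


def normalise_host(host):
    """Lower-case a hostname and drop a leading 'www.' for comparison."""
    host = (host or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def off_host_iframes(page_url, html, allowed_hosts=()):
    """Return absolute iframe URLs on hosts other than the page's own or allowed_hosts."""
    own = normalise_host(urlsplit(page_url).hostname)
    allowed = {own} | {normalise_host(h) for h in allowed_hosts}
    collector = IframeCollector()
    collector.feed(html)
    flagged = []
    for src in collector.sources:
        absolute = urljoin(page_url, src)  # resolves relative and //host forms
        host = normalise_host(urlsplit(absolute).hostname)
        if host and host not in allowed:
            flagged.append(absolute)
    return flagged


# Constructed sample page; every host here is a reserved example name.
SAMPLE_HTML = """
<iframe src="/showroom/map.html"></iframe>
<iframe src="https://maps.partner.example/embed?id=1"></iframe>
<IFRAME SRC="//unexpected-host.example/in.php"></IFRAME>
"""

if __name__ == "__main__":
    print(off_host_iframes("http://www.dealer.example/", SAMPLE_HTML,
                           ["maps.partner.example"]))
```

Running it against a saved copy of the main page after each deployment, with the allow-list limited to hosts the site embeds on purpose, surfaces any iframe that was not put there by the owner.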