CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
April 8th, 2009

Fiat.com.sg Web Site Compromised, Infecting Site Visitors With Malicious Code

Websense Security Labs has discovered that the official Web site of Fiat in Singapore, fiat.com.sg, has been compromised and is infecting the machines of site visitors with malicious code. Fiat is an Italian automobile manufacturer and industrial group based in Turin, and it has been in the news recently with press reports indicating a possible deal being discussed with the American car manufacturer Chrysler.

The compromised Web site belonging to an independent Fiat dealership (not Fiat’s official Web site). It is not hosted on Fiat’s IT infrastructure. Malicious code, showing traits of the Luckysploit exploit kit, has been inserted onto the main page of the site using an iframe. This iframe redirects itself to the pages of a different host that contains malicious obfuscated JavaScript code.

This code takes advantage of the MS Snapshot Viewer exploit (CVE-2008-2463) and the Adobe Reader PDF exploit (CVE-2007-5659). Upon successful exploitation, futher malicious files are downloaded and the infection reported via a phone home to ipaddress 213.15[removed] A rootkit is then installed on the user’s machine.

The anti-virus detection rate for this is poor as can be seen in the VirusTotal detection report:

CAT-QuickHeal     –     –     Rootkit.Agent.ino
F-Secure     –     –     Rootkit.Win32.Agent.ipg
Fortinet     –     –     W32/Agent.IPG!tr.rkit
Ikarus     –     –     Rootkit.Win32.Agent
Kaspersky     –     –     Rootkit.Win32.Agent.ipg
Prevx1     –     –     Medium Risk Malware
ViRobot     –     –     Trojan.Win32.RT-Agent.21632

Websense®, Inc. has contacted Fiat to advise them of the issue.

Share this item with others:

More on CyberInsecure:
  • Website Of Peugeot In Romania Peugeot.com.ro Compromised, Infecting Visitors With Malware
  • Malaysian Kaspersky Antivirus Website Has Been Hacked In An SQL Injection Attack
  • Compromised Museum Website Infecting Image Search Referred Visitors
  • Fort William Mountain Bike World Cup 2009 Site Hijacked, Redirects Visitors To Rogue Anti-Virus Page
  • Malicious Javascript Code In Another CNET Networks Website

    • Posted in Breaches And Incidents, Hacked, Malware, Trojans & Worms | Print This Post Print This Post

    This entry was posted on Wednesday, April 8th, 2009 at 7:38 am and is filed under Breaches And Incidents, Hacked, Malware, Trojans & Worms. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Fiat.com.sg Web Site Compromised, Infecting Site Visitors With Malicious Code

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.

    « «
    » »