funsec mailing list archives

Syrian Embassy UK Website Hacked


From: "Paul Ferguson" <fergdawg () netzero net>
Date: Wed, 26 Sep 2007 02:39:40 GMT


Via Websense.

[snip]

The site www.syrianembassy.co.uk contains three unique iframes that direct
visitors to malicious Web sites. The iframes use various techniques to
evade detection, including Javascript Obfuscation. The iframes point to
hosts in the United States, Malaysia, and the Ukraine.

The Mpack attack toolkit is hosted on one of these sites and attempts
several exploits depending on OS, browser, and plugin versions. The end
result is that two Trojan Downloaders are dropped on visitors' computers
from two of the iframes.

[snip]

More:
http://www.websense.com/securitylabs/alerts/alert.php?AlertID=806

Note: And yes, it is still compromised at this hour.

- ferg



--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

