United Nations hit by keylogger and trojan attack

United Nations hit by keylogger and trojan attack

UN serves dangerous malware after online attack

Article comments

The United Nations (UN) has been hit by a string of hacking attacks aimed at identity and credit card theft, and the building of botnets.

The attack on the UN Asia Pacific website is believed to originate from the same group responsible for attacks on the US-based Biotechnology Information Organization and the prominent Indian Syndicate Bank.

The financially-motivated incursions, launched from the same remote location, infected a server common to all three websites and downloaded a Trojan to visitor computers via drive-by attacks.

A keylogger and a Trojan were downloaded to visitor computers, flagged by an online scanner as positive to multiple Microsoft vulnerabilities, via hidden Java iFrames which is an old trick to refer visitors to a compromised server.

The Trojan maintains a backdoor, allowing attackers to monitor and hijack user machines to steal valuable user data, and turn the computer into a zombie as part of a botnet horde.

Websense Australia and New Zealand country manager, Joel Camissar, said such attacks exploit remote servers with weak security and typically target common brand names to maximise exposure.

"The groups will target ISPs which don't have sufficient security, common brands of servers, and servers in locations without tight controls or law enforcement," Camissar said.

"Typical scanners [used in attacks] only scan for one vulnerability but this looked for multiple exploits.

"We informed the authorities whose job it is to pursue them, shut down their servers and bring them to justice."

The attack executed the malicious e.js JavaScript file to create two additional iframes, and did not trigger any Java or antivirus alerts.

Websense discovered the attack on The United Nations Aids and HIV Web portal after scanning 600,000 web pages as part of routine malware detection.

Camissar said it is unknown if the group is responsible for more attacks.

Now read

Storm worm spoofs YouTube

Storm spam poses as site confirmation

Huge pump-and-dump spam spike in progress


Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
* *