
WSLabs, Malicious Web site / Malicious Code: GOP website compromised by Storm attackers

Posted on 14 September 2007
Websense Security Lab

Websense® Security Labs(TM) has discovered that the Web site of the 1st Congressional District GOP of Wisconsin has been compromised. At the time of this writing, the site is laden with malicious code designed to infect site visitors through a malicious iframe. The iframe is hidden from plain sight and inserted at the very bottom of the site's HTML source code.

The perpetrators are also responsible for the infamous Storm worm attacks, which we have recently blogged about in depth here. The Storm attackers have added Web compromises to their arsenal, and we have seen hundreds of sites that have been infected with similar iframes.

Users who connect to infected sites and who are not patched will be infected with the Storm Trojan/Worm. Users who connect and who are already patched will be served with a dialog box prompt to run the code manually.

*Note: We highly recommend that you not connect to this Web site without taking appropriate security measures first. We have contacted the site owners with information on the infection.

Websense customers with Websense Web Security Suite(TM) have been protected from the malicious payload since early last month, when we discovered similar compromises.

A screenshot of the site and the malicious source are available in the full alert.

For additional details and information on how to detect and prevent this type of attack:
http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=804
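
For site owners checking their own pages for the kind of injection described above (an iframe hidden from view and appended at the very bottom of the HTML source), the following is an added example, not Websense's detection logic and not taken from the full alert. The heuristics, the function and class names, and the sample page with its placeholder domains are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

def is_tiny(value):
    """True for a width/height of 0 or 1 pixel, e.g. "0", "1" or "1px"."""
    m = re.fullmatch(r"\s*(\d+)\s*(px)?\s*", value, re.I)
    return bool(m) and int(m.group(1)) <= 1

class IframeAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.body_closed = False  # set once </body> or </html> has been seen
        self.findings = []        # (line, src, reasons) per suspicious iframe

    def handle_endtag(self, tag):
        self.body_closed = self.body_closed or tag in ("body", "html")

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        reasons = []
        if is_tiny(a.get("width", "")) or is_tiny(a.get("height", "")):
            reasons.append("zero-or-one-pixel size")
        if HIDDEN_STYLE.search(a.get("style", "")):
            reasons.append("hidden by style")
        if self.body_closed:
            reasons.append("placed after closing body/html tag")
        if reasons:
            self.findings.append((self.getpos()[0], a.get("src", ""), reasons))

def audit(html):
    auditor = IframeAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample page: one visible embed and one trailing hidden iframe.
SAMPLE = """<html>
<body>
<iframe src="https://maps.example.org/embed" width="600" height="400"></iframe>
</body>
</html>
<iframe src="http://injected.example.invalid/" width="1" height="1" style="visibility: hidden"></iframe>
"""

if __name__ == "__main__":
    for line, src, reasons in audit(SAMPLE):
        print(f"line {line}: {src} ({', '.join(reasons)})")
```

A finding is a lead for manual review of the page source and recent file changes, since some legitimate widgets also use small or hidden frames.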

 
