Home / mailings WSLabs, Malicious Web site / Malicious Code: Syrian Embassy Of London Compromised
Posted on 26 September 2007
Websense Security LabWebsense® Security Labs(TM) has discovered that the official site of the Syrian Embassy in London has been compromised.
The site www.syrianembassy.co.uk contains three unique iframes that direct visitors to malicious Web sites. The iframes use various techniques to evade detection, including Javascript Obfuscation. The iframes point to hosts in the United States, Malaysia, and the Ukraine. The Mpack attack toolkit is hosted on one of these sites and attempts several exploits depending on OS, browser, and plugin versions. The end result is that two Trojan Downloaders are dropped on visitors' computers from two of the iframes.
For additional details and information on how to detect and prevent this type of attack:
http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=806