Websites of Three More Embassies Spreading Malware

March 18, 2009

Security researchers from Sophos anti-virus warn that a malicious IFrame has been injected into the website of the Ethiopian Embassy in Washington, D.C. In an unrelated incident, the Embassies of Republic of Azerbaijan in Hungary and Pakistan have had their websites compromised in a similar manner.

“The Embassy of Ethiopia in Washington, D.C. is one of Ethiopia’s more important embassies, and yet when you visit it you can see all the tell-tale signs of an IFrame attack,” Paul Baccas,  malware and spam researcher at SophosLabs UK, announces on the company’s official blog. “Sophos is currently trying to contact the Ethiopian Government to help resolve this issue,” he also notes.
As demonstrated by the screenshot of the Web page source, which we have taken ourselves, the IFrame attempts to load content from a domain that Google tags as an “attack site.” The content is actually malicious, obfuscated JavaScript code and is detected by Sophos as Mal/ObfJS-BP.
Meanwhile, independent Security Consultant Dancho Danchev warns that websites belonging to the Hungarian and Pakistani embassies of the Republic of Azerbaijan have suffered a similar fate. “Both embassies are embedded with identical domains, parked at the same IP and redirecting to the same client-side exploits serving URL operated by Russian cybercriminals,” the researcher writes.

This is particularly interesting as it comes after Roger Thompson, chief research officer for AVG, announced at the beginning of March that malicious, exploit-serving code had been injected into the Azerbaijan section of the United States Agency for International Development website (azerbaijan.usaid.gov).

According to Dancho Danchev, the usaid.gov exploits were being loaded from domains previously affiliated with the infamous cybecrime group known as the Russian Business Network. This makes him believe that it might not be a coincidence that all these Azerbaijan-related websites were being hit by Russian hackers. “What prompted this sudden attention to Azerbaijanian web sites? Azerbaijan’s President visit to Iran in the same week when Russian Foreign Minister Sergei Lavrov is visiting Azerbaijan?,” he rhetorically asks.

It seems that the sites of permanent diplomatic missions are becoming common targets for malware distributors, most likely because people tend to trust them. At the end of January, we reported that the Web page of the Indian Embassy in Spain had also been compromised. Other similar incidents involved the websites of the U.S. Consulate in St. Petersburg, the French Embassy in Lybia, the Syrian Embassy in London, the Dutch Embassy in Moscow, or the Embassy of Brazil in India.

Source softpedia


One comment on “Websites of Three More Embassies Spreading Malware

  1. I think it is the same problem that Ethiopian News Agency is facing currently. One possible cause is that the personal computers of the webmasters in charge are infected or their websites rely on third party scripts which may happen to be malicious. Aytal New. Ke vayrus Yisewuren

Comments are closed