Category: Security

San Jose, CA, USA, 1st July 2009 – A second Indian government Web site - operated by the Institute of Remote Sensing - has been compromised for malware purposes, says Finjan Inc., a leader in secure web gateway products and the provider of unified web security solutions for the enterprise market.

News that the site has been hacked by cybercriminals comes after Finjan reported that the Government of India portal was hacked back in May of this year.

"This latest hack is interesting on two fronts. First, the attack has happened despite the Indian government stepping up security on its hosting servers. And secondly, the cybercriminals have added a script into the site that adds an iFrame attack to the page," said Yuval Ben-Itzhak, Finjan's chief technology officer.

 

 "The page then re-routes to a LuckySploit-infected server in Texas that fires off multiple attacks across the Internet. Early reports suggest that the site hack and re-route has infected several thousand Internet users," he added.

 According to Ben-Itzhak, the LuckySploit toolkit uses a variety of methods to infect users and is notable for using a complex encryption system to hide what it is doing.

 The bad news about this exploit is that the infected pages are only detected by 4 out of 41 anti-virus engines on the Virustotal.com code checking portal.

"Finjan's malicious code research team has notified the Indian CERT operation about the problem, which we hope will be fixed shortly," said Ben-Itzhak.

"More than anything, this infection teaches us that any site can be compromised and serve malicious code without the site owner's knowledge. This is why Web protection utilizing real-time content inspection is needed for businesses to prevent such attacks and keep their valuable data away from hackers," he said.

"Individual users should also consider installing a URL-checking browser plugin such as Finjan's free-to-use SecureBrowsing tool," he added.

For more on the second Indian government site compromise see:

http://www.finjan.com/MCRCblog.aspx?EntryId=2299

For more on the LuckySploit toolkit in use in this attack see: http://www.finjan.com/MCRCblog.aspx?EntryId=2213

For more on SecureBrowsing: http://securebrowsing.finjan.com/

 

For more on Finjan: http://www.finjan.com

 

ENDS

 

About Finjan

 

Secure Gateway provides organizations with a unified web security solution combining productivity, liability and bandwidth control via URL categorization, content caching and applications control technologies. Crimeware, malware and data leakage are proactively prevented via patented active real-time content inspection technologies and optional anti-virus modules. Powerful central management enables intuitive task-based policy management, excellent drill-down reporting capabilities and easy directory integration for all network implementation options.  By integrating several security engines in a single dedicated appliance, Finjan’s comprehensive and integrated web security solution enables quick deployment, simplified management and reduction of costs.  Business benefits include real-time web security (no patches or updates needed), lower total cost of ownership (TCO), cost savings in administration efforts, lower maintenance costs, and reduction in loss of productivity. Finjan's security solutions have received industry awards and recognition from leading analyst houses and publications, including Gartner, IDC, Butler Group, SC Magazine, eWEEK, CRN, ITPro, PCPro, ITWeek, Network Computing, and Information Security.  With Finjan’s award-winning and widely used solutions, businesses can focus on implementing web strategies to realize their full organizational and commercial potential.  For more information about Finjan, please visit: www.finjan.com.

 

If you would like an interview with Yuval Ben-Itzhak, CTO of Finjan, contact:

 

United States

Marina Greenwood

Activa PR

Tel. +1 415 776 5350


 

UK

Neil Stinchcombe

Eskenzi PR Ltd.

Tel: +44 (0)2071 832 833
