Hackers place JavaScript attack code on Govt website

Attack on Welsh site follows Trend Micro incident

In a sign that the spate of attacks first spotted last month is continuing, a Welsh government website has been hacked to serve up malicious JavaScript.

The method of attack is similar to one that recently victimised pages within Trend Micro's website, said Graham Cluley, senior technology consultant for Sophos.

Trend Micro's website was one of up to 20,000 sites discovered in mid-March where hackers found a weakness in the server's security that allowed them to implant malicious JavaScript.

If a user visits an infected page, the JavaScript initiates a download of malicious code from another server. Sophos named the attack Troj/Badsrc-A.

In this particular case, the server that is hosting the malicious code is down, Cluley said. One possibility is that the server exceeded its allowed bandwidth due to a high number of downloads of malicious code, which would indicate that many people could be infected, Cluley said.

Hacked websites are increasingly being used to infect PCs with malicious software. The attack method can be used to infect fully patched computers. Once the bad JavaScript runs, a user could be prompted to download a piece of software, which the victim may believe they need in order to access the legitimate website, but the software is actually harmful.

In other cases, the JavaScript could launch an attack that seeks to exploit vulnerabilities in, for example, QuickTime, Cluley said. Earlier this week, Apple issued 11 patches for its media player. JavaScript could launch QuickTime, and if the application isn't patched, the PC could be infected.

The Welsh site is one of hundreds upon hundreds of sites that Sophos has catalogued as infected. The vendor chose to publicise its findings on the Welsh site to make a point about how seemingly legitimate sites are being affected by this latest round of attacks, Cluley said.

Short of using security software, one sure-fire way to block this kind of attack is to use the Firefox browser with the NoScript extension. NoScript blocks the execution of JavaScript, Java and Flash in the browser, which hackers are using to get into machines.

NoScript hampers the function of legitimate websites that use JavaScript and those plugins, but users have the option of whitelisting safe sites. Both the extension and Firefox are free. In the case of the Welsh website, NoScript would block the attack, Cluley said.

Sophos has contacted the organization responsible for the Web site but has yet to receive a response, he said.

