The Indian Institute of Remote Sensing Website is Being Hacked!

Cyber criminals work hard each day trying to spread their malicious activities, and there are no signs that they are going to stop. On the contrary, they are doing their best to improve their attacks and increase the success of them. This time security experts from Finjan are warning everybody against the hacked 'iirs-nrsa.gov.in' website of India's Institute of Remote Sensing. Cyber criminals are using this website as a malicious code distribution channel.

How does the whole attack occur? And what is the hackers purpose of using it? The attack involves the injection of a script into a website which adds an IFrame to the page. The researchers from Finjan explained that "The IFrame created by this script points to malicious content hosted on a server in Texas armed with the LuckySploit attack toolkit."

LuckySploit uses a collection of exploits for vulnerabilities in the operating system, browsers or other popular software such as Adobe Flash and Adobe Reader. First, a user visits a compromised website - in this case the above mentioned website of India's Institute of Remote Sensing - and is then redirected to a server armed with LuckySploit.

According to the statistical information obtained by security specialists, iirs-nrsa.gov.in had 500 hits from 157 unique users since it was compromised. Despite these relatively low numbers, the successful infection rate is pretty high, now at 17,8%. However, the fact that should get everybody worried is that the total number of successful infections on all the websites compromised by this group of hackers reaches the number of 11,798.

It's also important to note that "The exploit page was detected by only 4 out of 40 AV engines on Virus Total," as indicated by Finjan specialists. Here are the names of the detections and the corresponding AV vendors:

• JS: Downloader-CF (Avast)
• Trojan-Downloader.JS.LuckySploit.q (F-Secure)
• JS:Downloader.CF (GData)
• Trojan-Downloader.JS.LuckySploit.q (Kaspersky)

Therefore, once again everybody is warned to be cautious when surfing the net. Use an appropriate anti-virus program. Don't forget to keep it up-to-date, and also be sure to download all necessary security updates. Cyber criminals have always been trying to deceive as many victims as possible. And although we can't stop them from creating new attacks, our common sense can help to reduce the amount of infections on our systems.