Researchers at Websense have warned that the ‘Youandaids HIV/AIDS portal for Asia Pacific’ - a division of the UN AIDS initiative became the target of new hacker technique yesterday.
The method scans for multiple un-patched Microsoft vulnerabilities in an aim to install a back-door Trojan, according to Joel Camissar managing director A/NZ at Websense.
“Rather than looking for one exploit – which is the norm - it looks for several and hones in on one to then install a Trojan horse,” said Camissar.
“When the Web site is visited, a malicious JavaScript file (e.js) is executed. Site visitors infected with this malicious code will have a Trojan downloaded and backdoor installed on their desktops,” according to a Websense advisory.
First discovered on 17th August, the technique was used to attack a prominent Indian bank and a US biotechnology company, said Camissar.
“And this campaign is hosted by the same group,” he added.
UN AIDS site target of new 'vulnerability scan' attack
By
Negar Salek
on Aug 29, 2007 9:57AM
