Researchers at Websense have warned that the ‘Youandaids HIV/AIDS portal for Asia Pacific’ - a division of the UN AIDS initiative became the target of new hacker technique yesterday.
The method scans for multiple un-patched Microsoft vulnerabilities in an aim to install a back-door Trojan, according to Joel Camissar managing director A/NZ at Websense.
“Rather than looking for one exploit – which is the norm - it looks for several and hones in on one to then install a Trojan horse,” said Camissar.
“When the Web site is visited, a malicious JavaScript file (e.js) is executed. Site visitors infected with this malicious code will have a Trojan downloaded and backdoor installed on their desktops,” according to a Websense advisory.
First discovered on 17th August, the technique was used to attack a prominent Indian bank and a US biotechnology company, said Camissar.
“And this campaign is hosted by the same group,” he added.
UN AIDS site target of new 'vulnerability scan' attack
By
Negar Salek
on
Aug 29, 2007 9:57AM

Hackers compromise a United Nations’ Asia Pacific AIDS information site using an emerging malicious technique which scans for multiple vulnerabilities.
Got a news tip for our journalists? Share it with us anonymously here.
Sponsored Whitepapers
Planning before the breach: You can’t protect what you can’t see
Beyond FTP: Securing and Managing File Transfers
NextGen Security Operations: A Roadmap for the Future

Video: Watch Juniper talk about its Aston Martin partnership
Don’t pay the ransom: A three-step guide to ransomware protection