UN AIDS site target of new 'vulnerability scan' attack

By on
UN AIDS site target of new 'vulnerability scan' attack

Hackers compromise a United Nations’ Asia Pacific AIDS information site using an emerging malicious technique which scans for multiple vulnerabilities.

Researchers at Websense have warned that the ‘Youandaids HIV/AIDS portal for Asia Pacific’ - a division of the UN AIDS initiative became the target of new hacker technique yesterday.

The method scans for multiple un-patched Microsoft vulnerabilities in an aim to install a back-door Trojan, according to Joel Camissar managing director A/NZ at Websense.

“Rather than looking for one exploit – which is the norm - it looks for several and hones in on one to then install a Trojan horse,” said Camissar.

“When the Web site is visited, a malicious JavaScript file (e.js) is executed. Site visitors infected with this malicious code will have a Trojan downloaded and backdoor installed on their desktops,” according to a Websense advisory.

First discovered on 17th August, the technique was used to attack a prominent Indian bank and a US biotechnology company, said Camissar.

“And this campaign is hosted by the same group,” he added.
Got a news tip for our journalists? Share it with us anonymously here.

Most Read Articles

Log In

  |  Forgot your password?