In association with heise online

14 February 2012, 16:09

Whistleblowing platform used to spread malware

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit logo

Whistleblowing platform has been hacked and used to spread malware. Unknown perpetrators gained access to the server and used the Black Hole 12 exploit toolkit to infect all of its HTML pages (of which there are many thousands). The JavaScript toolkit identifies a user's browser and operating system before attempting to exploit a range of vulnerabilities to inject malicious code onto their system.

In this case, Black Hole appears to have been configured only to attack Internet Explorer. A log file containing around 2,900 IP addresses was found on the server and may offer some indication of the number of systems infected.

It is not clear how the attackers were able to penetrate the server. The team has published a harmless extract of the malicious code and is asking for assistance in analysing it. Some initial thoughts have already been received. One user has suggested that the attacker may have used the WebDAV interface to modify the HTML files.

The team is currently busy disinfecting the affected files, around 80% of which are now back online.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit