Posted on 03/25/2009 4:29:32 PM PDT by Cindy
Yet another embassy web site is falling victim to a malware attack serving Adobe exploits to its visitors. As of last Friday, the official web site of the Embassy of Portugal in India has been compromised (embportindia.co.in). Who's behind the attack? Interestingly, that's the very same group that compromised the Azerbaijanian Embassies in Pakistan and Hungary earlier this month. Assessing this campaign once again establishes a direct connection with the Russian Business Network's pre-shutdown netblocks and static locations.
(Excerpt) Read more at ddanchev.blogspot.com ...
Previously...
http://ddanchev.blogspot.com/2009/03/azerbaijanian-embassies-in-pakistan-and.html
WEDNESDAY, MARCH 11, 2009
“Azerbaijanian Embassies in Pakistan and Hungary Serving Malware”
SNIPPET: “Both embassies are embedded with identical domains, parked at the same IP and redirecting to the same client-side exploits serving URL operated by Russian cybercriminals.”
Previously...
http://ddanchev.blogspot.com/2009/03/ethiopian-embassy-in-washington-dc.html
“Ethiopian Embassy in Washington D.C. Serving Malware”
by Dancho Danchev
(March 18, 2009)
SNIPPET: “Oops, they keep doing it again and again. The web site of the Ethiopian Embassy in Washington D.C. (ethiopianembassy.org) has been compromised and is currently iFrame-ed to point to a live exploits serving URL on behalf of Russian cybercriminals, naturally in a multitasking mode since the iFrame used to act as a redirector in several other malware campaigns.
Despite that the iFrame domain (1tvv .com/index.php) is already “taken care of”, details on the original campaign can still be provided.”