Big fish: Trojans catch U.S. Consulate in Russia

Posted by Wolfgang Gruener

Chicago (IL) – Security software firm Sophos reports that webpages of the U.S. Consulate General in St. Petersburg, Russia, were infected by trojans earlier this week.

Sophos believes that the attack was part of a "larger campaign" and that the U.S. Consulate General had not been selected as a specific target. The firm said that more than 400 webpages in total were compromised, the majority of them hosted in Russia.

"Over the last few months we have seen a multitude of high profile organizations and government agencies come under attack by cybercriminals," said Ron O'Brien, senior security analyst for Sophos. "The frequency of these attacks is alarming and signifies that any organization, no matter the size or stature, is a target for hackers and malicious activity."

Sophos mentioned that it used an Internet cache to retrieve a copy of one of the infected Consulate pages, which allowed the firm to examine the attack. Apparently two different attacks were involved. The first used the downloader trojan Mal/ObfJS-C: a malicious script (JS/Doad-E) is loaded from another location and tries to download additional code (Mal/Packer), which, according to Sophos, could be used to steal business-critical data and personal details.

The second attack also involved Mal/ObfJS-C, which in this case inserted an iframe into the webpage "to silently load malicious content from an attack site hosted in the U.S.," Sophos said. The script is designed to exploit "several" browser vulnerabilities to download the Mal/Behav-119 trojan, another downloader trojan, to a client PC.