Websense researchers report that the Web site for Israel's Institute for National Security Studies (INSS) was recently injected with malicious code.
"While we can't determine that the infection of this website with exploit code is part of a targeted attack, one could deduce that visitors to this type of site are likely to have an interest in national security or are occupied in this field," Websense's Gianluca Giuliani writes. "The website appears to be injected with malicious code for over a week now."
"While the page is loading, the users are silently redirected to an exploit page," writes Help Net Security's Zeljka Zorz. "Once the exploit does what it's meant to do, a file named svchost.exe is downloaded onto the target computer and run. The file in question is a Poison Ivy variant, which connects automatically to a dynamic DNS command and control center, and allows attackers to remotely control the targeted computer."
"The cybercriminals responsible for hijacking the site deployed a number of methods designed to ensure that security products and malware analysis technologies would not raise any alarms when scanning the site," writes Softpedia's Eduard Kovacs. "To avoid being detected, they obfuscated the malicious code and they embedded a 104 megabyte text file into the Java file. The latter technique is utilized because malware scanners in many cases ignore large files, since it is known that malicious elements tend to be small in size."
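
A defensive counterpart to the size-padding evasion described in the last quote, as an added example that is not from Websense, Softpedia or the site's investigators: rather than skipping a JAR because it is large, read the ZIP directory, always queue `.class` entries for scanning, and flag archives whose bulk is non-code filler. The function names, thresholds and the sample archive (scaled down to 4 MB) are assumptions constructed for illustration.

```python
import io
import zipfile

def triage_jar(blob, filler_min=1 << 20):
    """Split entries into code that must always be scanned and oversized
    non-code entries. Sizes come from the ZIP directory; nothing is unpacked."""
    code, filler, total = [], [], 0
    with zipfile.ZipFile(io.BytesIO(blob)) as jar:
        for info in jar.infolist():
            if info.is_dir():
                continue
            total += info.file_size
            if info.filename.endswith(".class"):
                code.append(info.filename)
            elif info.file_size >= filler_min:   # assumed filler threshold: 1 MiB
                filler.append((info.filename, info.file_size))
    filler_bytes = sum(size for _, size in filler)
    return {"code": code, "filler": filler, "total_bytes": total,
            "filler_share": filler_bytes / total if total else 0.0}

def decide(blob, size_cutoff=2 << 20, share_alert=0.9):
    """Contrast a whole-archive size cutoff with per-entry triage."""
    t = triage_jar(blob)
    return {
        # What a scanner with a simple size limit (assumed 2 MiB) would do.
        "size_cutoff_skips": t["total_bytes"] > size_cutoff,
        # Code entries are queued regardless of how large the archive is.
        "scan": t["code"],
        # Code plus an archive that is almost entirely filler is itself a signal.
        "padded": bool(t["code"]) and t["filler_share"] >= share_alert,
    }

def build_sample(pad=4 << 20):
    """Constructed sample JAR: a 64-byte class stub plus a large text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        jar.writestr("Applet.class", b"\xca\xfe\xba\xbe" + bytes(60))
        jar.writestr("readme.txt", b"A" * pad)
    return buf.getvalue()

if __name__ == "__main__":
    print(decide(build_sample()))
```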