Hackers Infiltrate Red Cross Website - Again

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

Security software vendor Zscaler this week uncovered a new malware scam targeting the Red Cross of Serbia, the second time in five months that hackers have zeroed in on one of the international humanitarian organization's public websites.

Hackers managed to inject a malicious JavaScript file, "hxxp://obsurewax.ru/Kbps.js" into several pages on the Red Cross of Serbia's homepage. Most antivirus software programs now prevent Internet users from accessing the site, but before being caught, the malware could have infected users' machines to capture personal information and spread even more malware and spam.

"Even though the malicious code is no longer being delivered, it is possible that the vulnerability that led to the attack has not yet been patched and further infection could occur, or the existing malicious content could become active once again," Zscaler security researcher Pradeep Kulkarni wrote in a blog post.

Back in March, the American Red Cross East Shoreline Chapter's website was hit by a malware campaign that used iframe injections to infect several pages with malicious code and links.

Zscaler said it has already notified the Red Cross of Serbia of this latest cyber attack.

The assault marks only the latest victory for cyber criminals as they launch ever more numerous efforts to penetrate users' systems and steal critical data. Earlier this week, McAfee issued its 2Q 2010 Threats Report and found that more malware was created and discovered in the first half of this year than in any other six-month span on record.

McAfee researchers said that the security industry identified more than 10 million new pieces of malware during the first half of this year, and that it unearthed 6 million-plus malicious links, attachments or websites between April and June alone.

Larry Barrett is a senior editor at InternetNews.com, the news service of Internet.com, the network for technology professionals.