Embassy of India in Spain found serving remote malware through iFrame attack

Hacking an embassy’s website to use it as malware distribution point is not something new, neither is the use of the iframe injection attack, but it’s still surprising the number of infected sites out there.

Earlier this morning I was alerted to this problem by a colleague who was trying to access www (dot) embajadaindia (dot) com to sort out some paperwork related to my employer’s offices in India. When tried to load the site, the Desktop Antivirus displayed the following pop-up alert:

Sophos Alert - www (dot) embajadaindia (dot) com

The alert description is fairly self-explanatory, Continue reading Embassy of India in Spain found serving remote malware through iFrame attack

Links to overcome the post-holiday syndrome

September came quickly and holidays are gone. Well, at least for me and for most of the people that live in this part of the world. If you happen to be one of those that survived the holiday season -and all its hassles- without even approaching your laptop, blackberry, iPhone, PDA or any other kind of “always-on” Internet device… you are either a liar or a hero.

Whatever you did, and despite the amount of money you spent, one thing is for sure: if you are reading this it’s safe to assume that you are still interested in reading about good infosec stuff, aren’t you?

Keep reading then and have a look at the following links containing a few interesting security tools, new forensic challenges and even a new Multi-Boot Security Live DVD:

  • DFRWS 2008 Rodeo (forensic challenge): The 8th annual Digital Forensic Research Conference was held from August 11 to 13, 2008 in Baltimore, MD. A key element of this conference is the “forensic rodeo”, a challenge where conference attendees form teams to solve a digital forensic problem. The DRFWS has made the materials for the 2008 Forensic Rodeo available on their website for educational purposes and to support further research in memory analysis and file carving. The scenario description and the image files can be downloaded http://www.dfrws.org/2008/rodeo.shtml Continue reading Links to overcome the post-holiday syndrome

Unix Command-Line Kung Fu

I was discussing with a friend a few weeks ago how challenging is to teach folks that come in from the exclusive Windows-world on advanced Unix topics. Yes, I mean the kind of user that ends up rebooting a Unix box after changing a conf file instead of just restarting the appropriate services 🙂 .

I’m sure those, both Unix beginners and their managers, will appreciate the following presentation I came across a few weeks ago: “Unix Command-Line Kung Fu“. It’s author, Hal Pomeranz, presented it at SANS 2008 Orlando as part of the @Night talk conferences.

Continue reading Unix Command-Line Kung Fu