Hackers said a big Happy New Year to the Council on Foreign
Relations, using the organization's own website to attack unsuspecting visitors.
The CFR is a non-partisan policy group, known mostly for
publishing Foreign Affairs, an influential journal on the subject. The group's
website was infected with malware that uses a "watering hole" attack,
waiting for users to visit the site before downloading the malware to their
machines. The malware involved allows a hacker to execute code remotely on the
Ziv Mador, director of security research at Trustwave, an IT
security firm, told Discovery News that it isn't clear yet what the malware
does. "We're still working on it," he said. "It's a pretty
complex piece of malware."
The malware only works on Internet Explorer 8 or earlier versions. The hackers altered the HTML code on the CFR's website itself and were able to remotely execute a program on any computer that accessed the site. The malware was hidden in several pieces and
stored in areas that the web page needed to go to in order to retrieve stored content such as
is usually used for a completely different purpose," he said.
Microsoft is reportedly working on a permanent fix, and
issued a security
and Flash, according to Microsoft, but sometimes turning those two features on and off for different sites can be inconvenient. Users of Internet Explorer 9 and later
While the particular attack on the CFR website used a
previously unknown vulnerability in Internet Explorer, the "watering
hole" attack is nothing new: a local government site in Maryland and a
bank in Boston were hit by one called VOHO in July, which infected targeted
computers with code that sent information such as keystrokes back to a server.
Photo: An image of the Blaster virus code. Credit: Wikimedia Commons