Hackers said a big Happy New Year to the Council on Foreign
Relations, using the organization's own website to attack unsuspecting visitors.
The CFR is a non-partisan policy group, known mostly for
publishing Foreign Affairs, an influential journal on the subject. The group's
website was infected with malware that uses a "watering hole" attack,
waiting for users to visit the site before downloading the malware to their
machines. The malware involved allows a hacker to execute code remotely on the
target computer.
Ziv Mador, director of security research at Trustwave, an IT
security firm, told Discovery News that it isn't clear yet what the malware
does. "We're still working on it," he said. "It's a pretty
complex piece of malware."
The malware only works on Internet Explorer 8 or earlier versions. The hackers altered the HTML code on the CFR's website itself and were able to remotely execute a program on any computer that accessed the site. The malware was hidden in several pieces and stored in areas that the web page needed to go to in order to retrieve stored content such as text and pictures. "The JavaScript is hidden in a file on the system that is usually used for a completely different purpose," he said.
Microsoft is reportedly working on a permanent fix, and issued a security advisory on Dec. 29. In the meantime there is an automatic work-around here. The simplest way to protect oneself is to disable JavaScript and Flash, according to Microsoft, but sometimes turning those two features on and off for different sites can be inconvenient. Users of Internet Explorer 9 and later aren't vulnerable.
While the particular attack on the CFR website used a
previously unknown vulnerability in Internet Explorer, the "watering
hole" attack is nothing new: a local government site in Maryland and a
bank in Boston were hit by one called VOHO in July, which infected targeted
computers with code that sent information such as keystrokes back to a server.
Via Threatpost
Photo: An image of the Blaster virus code. Credit: Wikimedia Commons