funsec mailing list archives

Websense: Malcode Found on Mexican .Gov Website


From: "Fergie" <fergdawg () netzero net>
Date: Tue, 1 May 2007 22:02:15 GMT


Yet another example on the threat landscape of a method for
compromising end-systems which is growing at an alarming rate.

Via Websense Security Labs.

[snip]

Websense® Security Labs™ has discovered malicious code hosted on a
government body's official Web site. The victim is Comisión Federal de
Telecomunicaciones, a division of Mexico's government (equivalent of the
FCC in the United States).

The main page of this Mexican government Web site does not contain anything
malicious. However, when a user visits http://prospectiva.cft.gob.mx/, an
.scr file is downloaded. After execution, the .scr file drops a
suspiciously named executable into the Windows startup directory for all
users.

The executable downloaded from this government site is malicious. The
newly-installed malware collects user information and sends it back to the
original source of the executable.

[snip]

More:
http://www.websense.com/securitylabs/alerts/alert.php?AlertID=772

- ferg



--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
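
The alert quoted above describes a downloaded .scr file that drops an executable into the all-users Windows startup directory. A triage check for that persistence location follows as an added example; it is not part of the original post or of the Websense alert. The two directory paths are the Windows defaults and are assumed here, and the file names in the demo are constructed.

```python
import os
import tempfile
from pathlib import Path

# Default all-users Startup locations (XP-era and Vista-and-later); assumed, not from the alert.
ALL_USERS_STARTUP = [
    r"C:\Documents and Settings\All Users\Start Menu\Programs\Startup",
    r"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp",
]
# Extensions Windows runs as programs; a .scr screensaver is an ordinary PE file.
RUNNABLE_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}

def is_pe(path):
    """True if the file starts with the 'MZ' DOS/PE magic, whatever its name."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return False

def audit_startup(directory):
    """Return sorted (filename, reason) pairs for entries that deserve review."""
    findings = []
    for entry in Path(directory).iterdir():
        if not entry.is_file():
            continue
        ext = entry.suffix.lower()
        if is_pe(entry):
            reason = ("PE executable" if ext in RUNNABLE_EXT
                      else "PE content under non-program extension")
            findings.append((entry.name, reason))
        elif ext in RUNNABLE_EXT:
            findings.append((entry.name, "script or program extension"))
    return sorted(findings)

def demo():
    """Run the audit over a constructed directory standing in for Startup."""
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "Office Shortcut.lnk").write_bytes(b"L\x00\x00\x00")  # constructed shortcut
        Path(tmp, "svch0st.exe").write_bytes(b"MZ\x90\x00")  # constructed PE stub
        Path(tmp, "readme.txt").write_bytes(b"MZ\x90\x00")   # PE bytes behind .txt
        Path(tmp, "desktop.ini").write_bytes(b"[.ShellClassInfo]\r\n")
        return audit_startup(tmp)

if __name__ == "__main__":
    for d in ALL_USERS_STARTUP:
        if os.path.isdir(d):
            for name, reason in audit_startup(d):
                print(f"{d}: {name}: {reason}")
```

Shortcuts (.lnk) are normal in this folder and are not flagged; a PE file sitting there directly is the unusual case worth reviewing.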

