Security software vendor Zscaler this week said hackers have successfully targeted a Red Cross website for the second time in five months, giving data thieves yet another way to capture and steal Internet users’ personal information.
As eSecurity Planet reports, this latest piece of complex malware was injected in a JavaScript file on several of the Red Cross of Serbia’s pages.
Back in March, the American Red Cross East Shoreline Chapter’s website was hit by a malware campaign that used iframe injections to infect several pages with malicious code and links.
Zscaler said it has already notified the Red Cross of Serbia of this latest cyber attack.
Earlier this week, McAfee issued its 2Q 2010 Threats Report and found that more malware was created and discovered in the first half of this year than any other six-months span on record.
Security software vendor Zscaler this week uncovered a new malware scam targeting the Red Cross of Serbia, the second time in five months that hackers have zeroed in on one of the international humanitarian organization’s public websites.
Hackers managed to inject a malicious JavaScript file, “hxxp://obsurewax.ru/Kbps.js” into several pages on the Red Cross of Serbia’s homepage. Most antivirus software programs prevent Internet users from accessing the site now but before it was caught, the malware could infect users’ machines to capture personal information and spread even more malware and spam.
“Even though the malicious code is no longer being delivered, it is possible that the vulnerability that led to the attack has not yet been patched and further infection could occur, or the existing malicious content could become active once again,” Zscaler security researcher Pradeep Kulkarni wrote in a blog post.