SophosLabs blog

Hospitals are there to help you when you’re not well, and the military are there to protect you.

Hence Sophos users who visited the following Naval medical site

were probably a bit surprised when they had to be protected against infection from the web attacks Mal/Badsrc-C and Troj/Iframe-AM.

Sophos’s detection of Mal/Badsrc-C identifies code that includes a URL to a domain know to host malware.

This attack, usually the result of SQL injection, causes users’ systems to download obfuscated JavaScript (detected as Troj/Iframe-AM) which, in turn, directs the victim’s browser to download another page … and so on.

It’s always disconcerting when military or medical systems are compromised. But it’s reassuring to know that in the brief amount of time it took our analysts to investigate the infection, the diligent technical staff at this website had managed to purge the offending code.

Posted on September 16th, 2008 by Michael Shannon, Researcher, SophosLabs Canada
Filed under: Malware, Web

                                         

Related posts

• Anti-virus company Trend Micro: Our website has been hacked, risk of Trojan horse infection
• Root compromise responsible for hacked sites
• SMS message saying bank details on the internet are malicious
• An iframe alternative
• You are the weakest link, goodbye!