Researchers at IT security and control firm Sophos have
discovered that the website of the British Communist Party has had
malware planted on it by hackers, designed to infect the computers
of potential supporters.
Experts at Sophos are warning internet surfers that many pages
on the website could infect innocent users and give cybercriminals
access to their computers, as the hackers have altered a Microsoft
Silverlight script so that it will execute malicious JavaScript
code, identified by Sophos as Mal/Iframe-F.
"The Communist Party's website infection is invisible to the
naked eye, but buried inside the code of a plugin for their
webpages," explained Graham Cluley, senior
technology consultant for Sophos. "The code is designed to deliver
funky animation and video effects to website visitors - but
actually tries to invisibly download malicious code from web
servers based in China and Russia."
Sophos recommends that as cybercriminals have increasingly
turned to using legitimate websites to spread viruses and Trojans,
so computer users need to properly protect themselves from the
threat.
"The Communist Party of Great Britain may not have been
deliberately targeted by politically-minded hackers - it could just
be that they are one of the 30,000 or so legitimate websites we see
every day that have become infected because of lax security,"
continued Cluley. "All computer users need to learn that it's not
just adult and gambling websites that are dangerous - any website,
if not properly secured, can fall victim and leave you seeing red.
This is hardly the way to encourage people to support your
political party."
At the time of writing the Communist Party of Great Britain's
website is still compromised, and Sophos recommends that computer
users do not visit the site.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.