Attackers Infect French Embassy Web Site
In this particular attack, perpetrators added an iframe to the Embassy's site. When a user visits the site, the browser silently connects to another Web site, which installs malicious code that redirects the user somewhere else. The malicious program on the Web site then reroutes the victim to sites hosted by a Hong Kong-based provider and on through Russia and the Ukraine, where downloaders then compromise users' machines.
"All that stuff is just there to drive malware to the user's machines," said Dave Marcus, security and information manager at McAfee Avert Labs. "And you don't even know it's happening."
Marcus said that once a user's browser was compromised, the downloaders would install different types of malware for any number of reasons. "It ultimately depends on what the writer's goal was," said Marcus.
The incident comes on the heels of a politicized visit by Libyan President Muammar Khadafi to France.
The attack was discovered by Francois Paget, a McAfee Avert Labs researcher. "Once again, we see how attackers use dedicated malicious Web sites in various countries to make it difficult to defeat them," he wrote in a blog post.
McAfee Avert Labs advises against visiting the French Embassy Web site in Libya, due to the likelihood that the site is still infected.
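A site operator can audit served pages for the kind of injected iframe described above. The following Python sketch is an added example, not code from McAfee or from the article; it reports iframes that load from a host outside an allowlist and marks those that are invisible. The article does not say how the frame was concealed, so the zero-size and CSS checks are assumptions, and the host names and sample HTML are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline CSS that makes a frame invisible (assumed concealment methods).
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden"
    r"|\b(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)", re.I)

def _tiny(value):
    """True for a width/height attribute of 0 or 1 pixel."""
    return value is not None and re.fullmatch(r"\s*[01](px)?\s*", value, re.I) is not None

class IframeAuditor(HTMLParser):
    def __init__(self, page_host, allowed_hosts=()):
        super().__init__()
        self.page_host = page_host.lower()
        self.allowed = {h.lower() for h in allowed_hosts}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        # A relative src has no host and stays on the same site.
        if not host or host == self.page_host or host in self.allowed:
            return
        hidden = (_tiny(a.get("width")) or _tiny(a.get("height"))
                  or bool(HIDDEN_STYLE.search(a.get("style", ""))))
        self.findings.append({"src": a["src"], "host": host,
                              "hidden": hidden, "line": self.getpos()[0]})

def audit(html, page_host, allowed_hosts=()):
    """Return one finding per off-site iframe not on the allowlist."""
    auditor = IframeAuditor(page_host, allowed_hosts)
    auditor.feed(html)
    return auditor.findings

# Constructed sample page: two legitimate frames, two injected ones.
SAMPLE = """<html><body>
<h1>Embassy</h1>
<iframe src="/visa/form.html" width="600" height="400"></iframe>
<iframe src="https://maps.partner.example/embed" width="400" height="300"></iframe>
<iframe src="http://redirector.example/in.php" width="0" height="0"></iframe>
<IFRAME SRC="//cdn.unknown.example/a" style="visibility: hidden"></IFRAME>
</body></html>"""

if __name__ == "__main__":
    for f in audit(SAMPLE, "embassy.example", ["maps.partner.example"]):
        print(f)
```

Running the audit against each deployed page and comparing the findings with a known-good baseline surfaces a newly added frame even when it is not hidden.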