Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    September 2015
    S M T W T F S
    « Aug    
  • Email Subscription

  • About Us

    These days, it seems that it can happen to almost anyone — Web site compromises are really, really out of control, and virtually anyone can be victimized when proper security measures are not taken.

    Very recently, another government site became a victim of an SQL injection or XSS attack (possibly enabled by the site’s use of an older Web server application version) — the Web site of the Supreme Court of Nepal.

    Figure 1. Screenshot of the legitimate Supreme Court of Nepal Web site,

    After being hacked, this Web site was turned into a host for pornographic video (particularly named porno tv).

    Unfortunately, this site also included (before being cleaned up) 157 other adult links.

    Other than links, the hacked site also displayed a login page that can be used to gather email addresses for possible spam distribution.

    Figure 2. Screenshot of the Supreme Court of Nepal after being compromised by hackers

    We also observed the injected folder with adult HTML files, as shown below:

    Figure 3. Screenshot of indexed folders pertaining to the site

    This folder contained the porn files, but did not contain any malware as when we discovered it (it has also been cleaned up now, but we’re keeping an eye on it).

    Trend Micro Smart Protection Network protect users from inappropriate content by classifying this site as Pornography, enabling users or administrators to block access to this category of sites.

    Note that we have already informed the owners of the said site of our findings and that the site, as of this writing, is already clean.

    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   StumbleUpon

    Comments are closed.


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice