The Nigerian Economic and Financial Crime Commission (NEFCC) is a law enforcement agency that investigates terrorism, cybercrime, scams and financial fraud within its region. This is their website:
Recently, we received a report that this legitimate website had been compromised. We decided to verify the report and check the site out for ourselves. Sure enough, when we viewed the HTML source of the NEFCC’s website, something suspicious came up:
This is a classic case of a script-based Trojan downloader that is triggered simply by viewing a webpage. In this case, however, the webpage is not one offering fake codec downloads or free stuff; it is a legitimate page that has been compromised by a malicious IFRAME tag inserted into its HTML source. It is quite ironic that an organization dedicated to fighting cybercrime has been targeted by malware perpetrators. This just shows that even those directly involved in security can become targets as well.