Ismael Valenzuela sent us a story about yet another malware through iFrame serving site. This time it is an official one, belonging to the Indian government official branch in Spain - it's embassy.
We can hardly include every malware service site in WHID, after all there are hundred of thousands, if not millions, of those. Why pick on the Indian embassy in Spain? One good reason is that we finally got in an input from a reader and wanted to honor the event and include the incident. But there is another more important reason.
First, hacked embassy sites are becoming a major issue which points to a much larger issue: cyber crime is endangering the Internet as we know it. While we come to rely on the web to provide us with all the information and services that we need, we do not have the tools to make it a safe place, and embassy web sites are a good example.
Practically the only way to provide sufficient security to a web site is not to have it in the first place. Instead small organizations must rely on the services of huge brokers, such as Amazon, eBay or Google sites. However not everyone can use this services. Embassies are a good example as they need to be "doubly localized" for both the originating and target countries which makes it nearly impossible to create a uniform service for them. Therefore even embassies of larger countries need to create small home made and insecure web sites, as they need to adjust their site content, language and site look to the local community served.
Thechnical analysis of the planted malware was done by Trend Micro.