Union Public Service Commission website of India Compromised

My previous blog discussed the injection of malicious JavaScript into the html/JS pages of a Red Cross website. This time victim of similar attack is an Indian government website, namely http://upsc.gov.in/ .

Screen-shot of the UPSC homepage:

Screen-shot of the source code:

A quick Google search for this malicious JavaScript code shows that many sites are infected with the same code. Clearly, there is an automated attack targeting the same application logic flaws within various different websites. Currently, the link to the malicious website is down. Though it seems from related attacks that the perpetrators are continually changing the domains and the malicious script associated with the attacks. Tried to send notification on certain email address found while doing look up on domain name, but messages were rejected.

For those not aware, Virustotal has now launched new functionality that permits you to submit URLs, which will then be checked against popular blocklists. The result for this site shows that none of the lists have yet detected the infection. Additionally, if you submit malicious HTML file, only 8/41 AV engines identify it as malicious.

Pradeep