Security Alert: Fiat Web Site Compromised

Security Alert: Fiat Web Site Compromised

Websense Security LabsT ThreatSeeker Network has discovered that the official Web site of Fiat in Singapore has been compromised and is infecting the machines of site visitors with malicious code. Fiat is an Italian automobile manufacturer and industrial group based in Turin. Malicious code, showing traits of the Luckysploit exploit kit, has been inserted onto the main page of the site using an iframe. This iframe redirects itself to the pages of a different host that contains malicious obfuscated JavaScript code.

This code takes advantage of the MS Snapshot Viewer exploit (CVE-2008-2463) and the Adobe Reader PDF exploit (CVE-2007-5659). Upon successful exploitation, futher malicious files are downloaded and the infection reported via a phone home to ipaddress 213.15[removed] A rootkit is then installed on the user’s machine.

The anti-virus detection rate for this is poor as can be seen in the AV detection report.

Websense®, Inc. has contacted Fiat to advise them of the issue.

Fiat has been in the news recently with press reports indicating a possible deal being discussed with the American car manufacturer Chrysler (link to news article).

Websense Messaging and Websense Web Security customers are protected against this attack.To view the details of this alert Click here

Leave A Comment

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.