Hackers said a big Happy New Year to the Council on Foreign

Relations, using the organization's own website to attack unsuspecting visitors.

The CFR is a non-partisan policy group, known mostly for

publishing Foreign Affairs, an influential journal on the subject. The group's

website was infected with malware that uses a "watering hole" attack

-– waiting for users to visit the site before downloading the malware to their

machines. The malware involved allows a hacker to execute code remotely on the

target computer.


Twitter Takedown Tweets: Photos


Ziv Mador, director of security research at Trustwave, an IT

security firm, told Disovery News that it isn't clear yet what the malware

does. "We're still working on it," he said. "It's a pretty

complex piece of malware."

The malware only works on Internet Explorer 8 or earlier versions. The hackers altered the HTML code on the CFR's website itself and were able to remotely execute a program on any computer that accessesed the site. The malware was hidden in several pieces and

stored in areas that the web page needed to go to in order to retrieve stored content such as

text and pictures. "The javascript is hidden in a file on the system that

is usually used for a completely different purpose," he said.


Secretly Attaches Stolen Data to Photos

Microsoft is reportedly working on a permanent fix, and

issued a security

advisory on Dec. 29. In the meantime there is an automatic work-around here. The simplest way to protect oneself is to disable Javascript

and Flash, according to Microsoft, but sometimes turning those two features on an off for different sites can be inconvenient. Users of Internet Explorer 9 and later

aren't vulnerable.

While the particular attack on the CFR website used a

previously unknown vulnerability in Internet Explorer, the "watering

hole" attack is nothing new: a local government site in Maryland and a

bank in Boston were hit by one called VOHO in July, which infected targeted

computers with code that sent information such as keystrokes back to a server.

Via Threatpost

Photo: An image of the Blaster virus code. Credit: Wikimedia Commons