Monday, 21 January 2013

Kenyan Judiciary (judiciary.go.ke) hacked to serve malware

The Judiciary of the Republic of Kenya has a mission to deliver justice fairly, impartially and expeditiously, promote equal access to justice, and advance local jurispudence by upholding the rule of law. Unfortunately, it has also been hacked to serve up malware.


The site has been compromised to serve up an exploit kit being promoted by spam email. There's a redirector at [donotclick]www.judiciary.go.ke/wlc.htm attempting to redirect visitors to [donotclick]dfudont.ru:8080/forum/links/column.php where there's a nasty exploit kit.



Of course, most visitors to the judiciary.go.ke site won't see that particular exploit. But if someone can create an arbitrary HTML page on that server, then they pretty much have the run of the whole thing and they can do what they like. So the question might be.. what else has been compromised? Hmm.

No comments: