Websense ’Security Alert about FIAT
April 2009 by Websense
Websense® Security Labs ThreatSeeker Network has discovered that the official Web site of Fiat in Singapore has been compromised and is infecting the machines of site visitors with malicious code. Fiat is an Italian automobile manufacturer and industrial group based in Turin. Malicious code, showing traits of the Luckysploit exploit kit, has been inserted onto the main page of the site using an iframe. This iframe redirects itself to the pages of a different host that contains malicious obfuscated JavaScript code.
This code takes advantage of the MS Snapshot Viewer exploit (CVE-2008-2463) and the Adobe Reader PDF exploit (CVE-2007-5659). Upon successful exploitation, futher malicious files are downloaded and the infection reported via a phone home to ipaddress 213.15[removed] A rootkit is then installed on the user’s machine.
The anti-virus detection rate for this is poor as can be seen in the AV detection report.
Websense®, Inc. has contacted Fiat to advise them of the issue.
Fiat has been in the news recently with press reports indicating a possible deal being discussed with the American car manufacturer Chrysler (link to news article).
Websense Messaging and Websense Web Security customers are protected against this attack.