Unlike most so-called drive-by attacks on websites, which infect visitors’ computers with malware, a strike on a software provider’s website involved a tool that takes detailed notes about visitors’ machines, Computerworld reports.
The unnamed website is “related to software used for simulation and system engineering in a wide range of industries, including automotive, aerospace, and manufacturing," AlientVault Labs Director Jaime Blasco said in a blog post. AlienVault detected the breach last week.
The attackers inserted rogue code into the site, which then loaded a file from a remote server. The file was a reconnaissance tool dubbed Scanbox.
Scanbox, among other things, tests computers for the presence of a Microsoft anti-malware tool and records information about installed versions of Adobe Flash, Microsoft Office, Acrobat Reader and Java -- programs frequently targeted by cyberweapons to install malware.
"This is a very powerful framework that gives attackers a lot of insight into the potential targets that will help them launching future attacks against them,” Blasco said.
Read the rest at ThreatWatch, Nextgov’s regularly updated index of cyber breaches.