Hackers Conceal Spyware in Industrial Software Firm’s Site to Probe Visitors

Unlike most so-called drive-by attacks on websites, which infect visitors’ computers with malware, a strike on a software provider’s website involved a tool that takes detailed notes about visitors’ machines, Computerworld reports.

The unnamed website is “related to software used for simulation and system engineering in a wide range of industries, including automotive, aerospace, and manufacturing," AlientVault Labs Director Jaime Blasco said in a blog post. AlienVault detected the breach last week.

The attackers inserted rogue code into the site, which then loaded a file from a remote server. The file was a reconnaissance tool dubbed Scanbox.

Scanbox, among other things, tests computers for the presence of a Microsoft anti-malware tool and records information about installed versions of Adobe Flash, Microsoft Office, Acrobat Reader and Java -- programs frequently targeted by cyberweapons to install malware.

"This is a very powerful framework that gives attackers a lot of insight into the potential targets that will help them launching future attacks against them,” Blasco said. 

Read the rest at ThreatWatch, Nextgov’s regularly updated index of cyber breaches.

And find out even more on “NG Cybersecurity,” our new iPhone app. 

(Image via wk1003mike/Shutterstock.com)