Hackers Conceal Spyware In Industrial Software Firm's Site To Probe Visitors

Staff Writer | Nextgov.com | September 2, 2014

Unlike most so-called drive-by attacks on websites, which infect visitors’ computers with malware, a strike on a software provider’s website involved a tool that takes detailed notes about visitors’ machines, Computerworld reports.  The unnamed website is “related to software used for simulation and system engineering in a wide range of industries, including automotive, aerospace, and manufacturing," AlientVault Labs Director Jaime Blasco said in a blog post. AlienVault detected the breach last week.

The attackers inserted rogue code into the site, which then loaded a file from a remote server. The file was a reconnaissance tool dubbed Scanbox.  Scanbox, among other things, tests computers for the presence of a Microsoft anti-malware tool and records information about installed versions of Adobe Flash, Microsoft Office, Acrobat Reader and Java -- programs frequently targeted by cyberweapons to install malware...