This morning I noticed, via feedback from installation of WS1000 web security appliances, that the Communist Party Of Britain’s website was serving Mal/Iframe-F.
Although this is not the biggest political party in the UK, the site would have expected high volumes of traffic in the last few days, as yesterday was the date of Local Government and European elections across England.
The affected file on the website was called silverlight.js, suggesting that a crucial piece of the website's multimedia environment was affected by this security breach.
The obfuscated code deobfuscates to an iframe which points to a malicious website in China that spoofs Google (as mentioned in Fraser’s earlier blog post).
We have not talked about Mal/Iframe-F much on the blog in the last couple of months (the last time, strangely, was when the Pravda website was affected), but Mal/Iframe-F is still a very real threat for web browsing.
PS. We were thinking of alternative subtitles for this post a la El Reg. Here are some of the ones we came up with:
- Keep the IFrames infecting
- Webusers of the world get infected
If you have a punning or amusing subtitle, or if you have any comments, then contact us via firstname.lastname@example.org and we might be able to find some Sophos-branded goodies as a prize.