Nepalese government websites compromised to serve Zegost RAT
Jump to navigation
Jump to search
(Publication) Google search: [1]
| Nepalese government websites compromised to serve Zegost RAT | |
|---|---|
| Botnet | Zegost |
| Malware | |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2012 / 08 aug2012 |
| Editor/Conference | Websense |
| Link | http://community.websense.com/blogs/securitylabs/archive/2012/08/08/nepalese-government-websites-compromised-to-serve-zegost-backdoor.aspx community.websense.com (community.websense.com Archive copy) |
| Author | Gianluca Giuliani, Elad Sharf |
| Type | |
Abstract
“ The Websense® ThreatSeeker® Network has detected that two Nepalese government websites, the National Information Technology Center (NITC) and the Office of the Prime Minister and Council Minister (nitc.gov.np and opmcm.gov.np respectively), have been compromised and injected with malicious code that tries to exploit the Java vulnerability CVE-2012-0507. The aim of this injection is to install, through successfully exploiting that Java weakness, a backdoor that is also dubbed "Zegost" on the systems of visitors to these websites.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2012BFR1109,
editor = {Websense},
author = {Gianluca Giuliani, Elad Sharf},
title = {Nepalese government websites compromised to serve Zegost RAT},
date = {08},
month = Aug,
year = {2012},
howpublished = {\url{http://community.websense.com/blogs/securitylabs/archive/2012/08/08/nepalese-government-websites-compromised-to-serve-zegost-backdoor.aspx community.websense.com}},
}