The Mangaung Metro Municipality (MMM) Web site (mangaung.co.za, bloemfontein.co.za) is still serving malware after being hacked, even though the municipality claims the site is in working order.
When entering the Web site, a Windows executable called "firefox.exe" is automatically downloaded to a user's computer. However, MMM spokesperson Qondile Khedama says the municipality is not aware that the Web site is serving malware. He confirmed the Web site was hacked on Sunday, but says the Web site has been restored and "a mechanism put in place to restore the Web site to its original version every five minutes".
"A new Web server has been procured and a new Web site is also being developed, which will be hosted on completely new server infrastructure that will be secure. This new Web site will be launched very soon," says Khedama. He says no data was compromised during the hack.
When presented with a screenshot and a Virustotal report on the malware, Khedama responded: "It's a work in progress."
Chris Pace, director of product and solutions marketing at Blue Coat, says about 85% of malware that infects computers comes from infected Web sites.
"Here at Blue Coat we block around three million threats from the Web each day," says Pace. "Hackers are now in the business of targeting a Web site to see if it has any vulnerabilities. They have programs specially designed to find these weaknesses, and then exploit them to take control of the site."
Pace explains that a computer without the necessary defences can become "invisibly infected" by malware from an infected site. Once the Trojan has installed itself, it could do any number of things, such as taking control of the computing power to send spam, watching what the user does, accessing files on the computer, or intercepting online banking or password information, he notes.
"If the Web site has enough visitors to infect some computers, it becomes worthwhile for the hacker."
Pace says in a case like the Mangaung Web site, the possibility exists that the Web server itself has an infection. "So they [MMM] need to do this from both sides: using anti-virus to clean up the server and then using a Web application tool to make sure that the content being published on their site is safe."
Khedama says while the MMM is investigating who hacked the Web site, he believes there is no motive other than normal sniffing for Web site security gaps. "Our only worry as the city is that government Web sites are regularly hacked. This is becoming a pattern and it is worrisome. As the city, we will be giving this matter serious attention. If it means that we must advise our colleagues in government, then we will definitely be doing so."
In April, the Web site for the Administrative Adjudication of Road Traffic Offences was hacked by a hacker called rEd X. In December, three government Web sites were exposed to cyber attacks, namely the Department of Social Development, the Presidential National Commission and the National Population Unit.
Share
