Pres. Ahmadinejad trying to infect Israelis with web viruses?
****Update: Israelis strike back - Crash site on Monday*** [My understanding is that there was malicious code in the form of malware on this site on Aug 14th targeted at Israelis. It was there for slightly less than 24 hours. It is no longer there. The site is currently clean.]
****Update: This in from Symantec:
We at Symantec Security Response have investigated this issue thoroughly and can find no indication of malicious code being present on that nor on the www.ahmadinejad.ir landing page that triggered the alert.
We believe what happened was that an IPS (Intrusion Prevention System) signature in Norton Personal Firewall triggered an alert on the www.khamenei.ir website due to HTML code on that page that must be present to exploit the MS IE DragDrop Embed Code vulnerability. Upon investigation, it appears that while the code in this case is harmless, its presence was suspicious enough to trigger an alert. Additionally, this issue is not limited to Israel, as we were able to reproduce the issue ourselves.
We have taken steps to modify the IPS signature which was causing this alert to appear and the updates will be available shortly. In the meantime, we recommend that all users ensure that their software, such as browsers and operating systems, is fully patched and their security software up to date with the latest updates and definitions.
Information forwarded to me:
The Iranian president, Ahmadinejad, has opened his very own blog. You can read the news here. Wouldn’t it be nice to pay him a visit and tell him what you think about his terror-supporting regime? Don’t do this! It’s a trap!
Does Iran now use the Internet to harass Israeli citizens? To take advantage of the increasing Iranian-Israeli dialog online? If you do visit the blog, the first screen looks innocent:
But if you click on one of the links on the left side of the page (and you are coming from Israel), you get this alert from your firewall:
And here is what Norton Internet Security has to say about this alert:
Looking up IP address 184.108.40.206 on DNSSTUFF clearly shows it is indeed an Iranian address. Here is the contact info for it:
“HTTP MS IE File DragDrop Embed Code”, according to Symantec, is “an attempt to exploit a vulnerability in Internet Explorer […that] if combined with other vulnerabilities, […] could aid in execution of arbitrary code on the client computer”. Bad stuff.
Want to check this out yourself? Unless you are a security expert, don’t. If you understand the risk, and want to see for yourself, go to www.ahmadinejad.ir and click on www.khamenei.ir. Anyway, make sure all your defenses are up before you enter!
And yo, people who aren't Israelis and who are computer savvy, do you get this or no?