Malaysian Foreign Ministry’s Web Site Compromised

By Sumner Lemon, IDG News Service

Recent visitors to the Web site of Malaysia's Ministry of Foreign Affairs may have come away with something other than a better understanding of Malaysian foreign policy or the country's visa requirements. The Web site was compromised by an unknown attacker and used to redirect visitors to another site containing malicious code.

The attackers added invisible iframes — which apparently directed visitors to Web sites that could contain malware or redirect them to other sites that did — to the home page of the Ministry of Foreign Affairs Web site. The Web site has been fixed, according to Websense Security Labs, which reported the problem in a recent security bulletin. Details of the links contained in the iframes, as well as details of the malicious code that was used on these sites, were not available.

Websense Security Labs could not immediately be reached for comment.

An iframe, or inline frame, is an HTML tag used to embed one HTML page inside another. The embedded HTML page can be made invisible on the screen, hiding them from users.

The incident with the Ministry of Foreign Affairs' Web site highlights the need for Malaysia's government to improve the security of its Web sites and other online systems, said Meling Mudin, an independent security researcher in Kuala Lumpur, Malaysia.

Malaysian authorities need to spend more time educating organizations about security issues and help them to find people with the right skills for the job. "The problem with our government is that people are being transferred left and right, and administrators that know how to do their work end up doing paper work, and vice versa," he said.