Hackers attack Spanish and Iranian sites

Cross site scripting vulnerabilities allow attackers to inject code into legitimate web pages

Security experts are warning web site administrators to be more alert to the dangers of cross site scripting (XSS) attacks after it was revealed that the Spanish EU presidency site and the official site of the Iranian president have been hacked.

Hackers yesterday took advantage of XSS vulnerabilities to compromise the site of the Spanish presidency of the EU, posting a picture of Spanish prime minister lookalike Mr Bean on the site.

Although there appears to have been no malicious intent, the dangers of XSS attacks should not be underestimated, according to Rik Ferguson, senior security advisor at Trend Micro.

"XSS vulnerabilities allow attackers to inject code into innocent web pages in which it would not otherwise appear. This can be used to steal information such as logins or banking credentials, redirect users to malicious web sites or even to directly infect visitors to the site," explained Ferguson in a blog posting.

"The real problem is that many web site admins are unaware of the dangers, and even some security companies continue to underestimate and downplay the importance of XSS vulnerabilities and attacks."

In a separate attack, details of which have yet to fully emerge, the official web site of President Ahmadinejad of Iran appears to have been hacked by parties hostile to the current administration.

According to Ferguson, the site is currently hosting a file called 'owned.txt' at the URL www.ahmadinejad.ir/userfiles/file/owned.txt, which reads:

"Dear God, In 2009 you took my favorite singer - Michael Jackson, my favorite actress - Farrah Fawcett, my favorite actor - Patrick Swayze, my favorite voice - Neda. Please, please, don't forget my favorite politician - Ahmadinejad and my favorite dictator - Khamenei in the year 2010. Thank you."