By: ThreatLabz

China’s NCGA Government Site Infected With Hidden Malicious Iframe

Compromise

Today, we discovered that NingBo SME Credit Guarantee Association (NCGA), a Chinese government web site, is infected with a malicious hidden IFRAME. The infected page is one where member registration is required. Here is the infected webpage:

The iframe is injected at the bottom of the webpage (hxxp://nbdb.nbsme.gov.cn/reg.asp), and the following is a screenshot of the infected iframe:

The malicious iframe, when decoded, points to additional JavaScript. Here is the decoded script:

Currently, the above-mentioned malicious site is down.
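A defender-side check for the kind of injection described in this post, as an added example that is not from the original post or from ThreatLabz: it parses a page and reports iframes that are hidden, and whether they sit after the closing body tag. The hiding heuristics, the `find_hidden_iframes` name and the constructed sample page with `example.invalid` hosts are assumptions.

```python
import re
from html.parser import HTMLParser

# Heuristics (assumptions, not taken from the post): an iframe counts as hidden
# when it is 0-2 px wide or high, or styled display:none / visibility:hidden.
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
TINY_STYLE = re.compile(r"(?:^|;)\s*(?:width|height)\s*:\s*[0-2](?:px)?\s*(?:;|$)", re.I)
TINY_ATTR = re.compile(r"[0-2](px)?", re.I)

# Constructed sample page: one visible embed, one hidden iframe after </body>.
SAMPLE = """<html><body>
<form action="reg.asp" method="post"><input name="user"></form>
<iframe src="https://maps.example.invalid/embed" width="600" height="400"></iframe>
</body></html>
<iframe src="http://injected.example.invalid/a.js" width="0" height="0" style="visibility:hidden"></iframe>
"""

class HiddenIframeFinder(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.body_closed = False  # set once </body> has been seen
        self.findings = []

    def handle_endtag(self, tag):
        if tag == "body":
            self.body_closed = True

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "").strip() for k, v in attrs}
        reasons = [f"{d}={a[d]}" for d in ("width", "height")
                   if TINY_ATTR.fullmatch(a.get(d, ""))]
        style = a.get("style", "")
        if HIDDEN_STYLE.search(style) or TINY_STYLE.search(style):
            reasons.append("hiding style")
        if reasons:  # visible iframes are not reported
            self.findings.append({"src": a.get("src", ""),
                                  "after_body": self.body_closed,
                                  "reasons": reasons})

def find_hidden_iframes(html):
    """Return one dict per hidden iframe found in the markup."""
    finder = HiddenIframeFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

if __name__ == "__main__":
    for finding in find_hidden_iframes(SAMPLE):
        print(finding)
```

An iframe that is only written into the page by obfuscated script at load time does not appear in static markup, so the same check should also be run over the serialized DOM of the rendered page.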

Be Safe.

Umesh