My previous blog discussed the injection of malicious JavaScript into the html/JS pages of a Red Cross website. This time victim of similar attack is an Indian government website, namely http://upsc.gov.in/ .
Screen-shot of the UPSC homepage:
Tried to send notification on certain email address found while doing look up on domain name, but messages were rejected.
For those not aware, Virustotal has now launched new functionality that permits you to submit URLs, which will then be checked against popular blocklists. The result for this site shows that none of the lists have yet detected the infection. Additionally, if you submit malicious HTML file, only 8/41 AV engines identify it as malicious.
Pradeep