The threat is disguised as a DivX plugin hosted on a Facebook page
Another Turkish government website has been hacked. However, this time, hacktivists have nothing to do with it.According to Webroot, a website of Turkey’s Ministry of National Education, manisahem.gov.tr, has been compromised and set up to serve a piece of malware disguised as a DivX plugin.
The malware is hosted on a page called “giorgia.html” that’s designed to replicate Facebook. Here, users are instructed to download a DivX plugin in order to view a video. The computers of Internauts who download the malware automatically join a botnet operated by cybercriminals.
At the time of writing, the malicious page is still present on the Turkish government website. On the other hand, more and more antivirus applications are starting to detect the malware.
The best way to protect yourself against such threats is to avoid downloading files from untrusted websites. Also, make sure an antivirus is running on your computer, since in most cases, it will block the attack.
Even if certain pieces of malware are not detected based on their signatures, modern antivirus applications are capable of identifying a threat based on its behavior.