Oil Spiller's Website Infected with Malicious Code

The official website of Transocean, the company which operated the deep water drilling platform that exploded in 2010 and lead to the biggest oil spill disaster in history, was compromised and infected with malicious code.

Swiss-based Transocean is one of the world's largest offshore drilling contractors. The company rents floating drill rigs to oil and gas companies worldwide.

Transocean operated Deepwater Horizon under a contract for BP, the drilling rig which exploded on 20 April 2010 resulting in the release of 4.9 million barrels of crude oil in the Gulf of Mexico.

Researchers from security vendor Websene reported yesterday that Transocean's www.deepwater.com website was infected with two malicious iframes that led visitors to drive-by download exploits.

"A few pages hosting exploit code have been created on the compromised Web server. Some of these pages are referred to by Iframes through the main page of the site.

"The pages use the CVE-2011-1255 vulnerability, which affects Microsoft Internet Explorer versions 6 through 8 and was patched on June 14 2011, and also CVE-2010-2884, a vulnerability in Flash Player that was patched on October 5 2010," the experts explained.

The fact that exploits were hosted on the same server makes this attack a bit unusual, because drive-by attacks normally use externally-hosted malicious code. This suggests that the method of compromise was not the usual SQL injection, but rather a remote file injection (RFI).

Fortunately the issue has since been fixed. "Transocean got in touch with us and we can confirm that the malicious code has now been removed. We appreciate the fast response by the Security team at Transocean," Websense said.

In order to stay protected users should keep their applications up to date, especially those accessible through the browser like Java, Flash Player or Adobe Reader. They should also run an up-to-date antivirus at all times.