Security vendors Sophos (sophos.com) and McAfee (mcafee.com) announced on September 13, 2007 that two US Department of State Web sites in Russia should be avoided because they could contain malware. Earlier this week, the Web site for the US Consulate General in Saint Petersburg, Russia (stpetersburg.usconsulate.gov) was compromised by hackers and believed to be serving up malicious software to visitors, but has since been cleaned up.

Sophos said the attack was part of a larger campaign by cyber criminals in which vulnerable Web servers were targeted. This resulted in more than 400 Web pages around the world being infected over the last week, with the majority of the compromised pages hosted in Russia.

"This latest attack highlights the fact that no organization is immune from infection and that no matter what the size of the company, it must defend its Web pages fully to avoid being stung," claimed Fraser Howard, principal virus researcher at SophosLabs. "The hackers have reeled in a big fish on this occasion and will no doubt be very pleased with their catch of the day. Unfortunately, while high profile sites such as the US Consulate can be cleaned up quickly, we are seeing a dangerous number of companies that are failing to act responsibly to retain the sanctity of their sites."

McAfee's SiteAdvisor software is now warning Web surfers not to visit the State Department's Moscow embassy Web site because it has been associated with email messages that contained computer viruses.