CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
May 4th, 2010

US Treasury Department Websites Infect Visitors With Malware

Websites operated by the US Treasury Department are redirecting visitors to websites that attempt to install malware on their PCs, a security researcher warned on Monday.

The infection buries an invisible iframe in bep.treas.gov, moneyfactory.gov, and bep.gov that invokes malicious scripts from grepad.com, Roger Thompson, chief research officer of AVG Technologies said. The code was discovered late Sunday night and was active at time of writing, about 12 hours later.

To cover their tracks, the miscreants behind the compromise tailored it so it attacks only IP addresses that haven’t already visited the Treasury websites. That makes it harder for white hat-hackers and law enforcement agents to track the exploit. Indeed, Thompson initially reported that the problem had been fixed until he discovered the sites were merely skipping over laboratory PCs that had already encountered the attack.

The attack is most likely related to mass infections that two weeks ago hit hundreds of sites hosted by Network Solutions and GoDaddy, said Dean De Beer, founder and CTO of security consultancy zero(day)solutions.

He made that assessment based on the observation that the compromised Treasury websites are hosted at Network Solutions and the owner of grepad.com is also the owner of record for most of the websites used in the earlier attacks.

“There’s a very high probability that it’s the same person,” De Beer said. “The only things that are changing are the domains.”

Earlier, Thompson speculated the attack might be the result of someone exploiting a SQL injection vulnerability on the Treasury websites. After investigating that possibility, De Beer said it was unlikely because the hacked Treasury sites contained static HTML pages that aren’t susceptible to such exploits.

No comments were made by the media representatives at the Treasury Department.

Credit: The Register

Share this item with others:

More on CyberInsecure:
  • Multiple TechCrunch Websites Compromised, Infect Visitors With Malware
  • Department of Homeland Security Website Hacked During Mass Web Attacks
  • Phoenix Mars Lander Website Defaced By Script Kiddies
  • Thousands Of High-Ranked Webpages Infected With Malware, Including Intljobs.org, WSJ.com, tomtom.com.tw
  • More Websites Are Compromised, This Time Avoiding Chinese Websites And Users

    • Posted in Breaches And Incidents, Hacked, Malware, Mass Web Attacks | Print This Post Print This Post

    This entry was posted on Tuesday, May 4th, 2010 at 5:59 am and is filed under Breaches And Incidents, Hacked, Malware, Mass Web Attacks. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: US Treasury Department Websites Infect Visitors With Malware

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.

    « «
    » »