[ISN] Hacked US Treasury websites serve visitors malware

From: InfoSec News <alerts_at_private>
Date: Tue, 4 May 2010 00:45:20 -0500 (CDT)
http://www.theregister.co.uk/2010/05/03/treasury_websites_attack/

By Dan Goodin in San Francisco 
The Register
3rd May 2010

Updated - Websites operated by the US Treasury Department are 
redirecting visitors to websites that attempt to install malware on 
their PCs, a security researcher warned on Monday.

The infection buries an invisible iframe in bep.treas.gov, 
moneyfactory.gov, and bep.gov that invokes malicious scripts from 
grepad.com, Roger Thompson, chief research officer of AVG Technologies, 
told The Register. The code was discovered late Sunday night and was 
active at time of writing, about 12 hours later.

To cover their tracks, the miscreants behind the compromise tailored it 
so it attacks only IP addresses that haven't already visited the 
Treasury websites. That makes it harder for white hat-hackers and law 
enforcement agents to track the exploit. Indeed, Thompson initially 
reported that the problem had been fixed until he discovered the sites 
were merely skipping over laboratory PCs that had already encountered 
the attack.

The attack is most likely related to mass infections that two weeks ago 
hit hundreds of sites hosted by Network Solutions and GoDaddy, said Dean 
De Beer, founder and CTO of security consultancy Zero(day) Solutions.

[...]


_______________________________________________
Best Selling Security Books and More!
Shop InfoSec News
http://www.shopinfosecnews.org/ 
Received on Mon May 03 2010 - 22:45:20 PDT

This archive was generated by hypermail 2.2.0 : Mon May 03 2010 - 22:58:53 PDT