Hacked US Treasury Department Websites Redirect Visitors to Malware Site

By Dipankar Das, Gaea News Network
Tuesday, May 4, 2010

According to a security researcher, visitors to some US Treasury Department websites are taken to sites that install malware on their PCs. The infected sites are bep.treas.gov, moneyfactory.gov, and bep.gov, which invoke malicious scripts via an iframe from grepad.com, Roger Thompson, chief research officer of AVG Technologies, told The Register. The code was discovered late Sunday night.

The attackers designed it in such a way that it only attacks IP addresses that haven’t already visited the Treasury websites. That makes it very difficult for law enforcement to track the attack. Thompson initially said that the problem had been fixed, but he discovered afterward that the sites were skipping over laboratory PCs that had already encountered the attack.

Dean De Beer, founder and CTO of security consultancy zero(day)solutions, further commented that the attack may be related to the infection, a couple of weeks ago, of hundreds of sites hosted by Network Solutions and GoDaddy. Incidentally, the Treasury websites are hosted by Network Solutions.

Thompson thought that the attack might be the result of someone exploiting a SQL injection vulnerability on the Treasury websites. But after going through everything, De Beer said it was unlikely because the hacked Treasury sites contained static HTML pages that aren’t susceptible to such attacks.
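A defensive check for the pattern described in this article, as an added example that is not part of the original report: it parses static HTML and flags iframe or script tags that load from a host outside the site's own names. The allowlist, the function and class names, and the sample page are assumptions built from the hostnames mentioned above.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts the site is expected to load frames and scripts from (assumed
# allowlist, built from the site names given in the article).
ALLOWED_HOSTS = {"bep.gov", "bep.treas.gov", "moneyfactory.gov"}

def is_allowed(host):
    """True if host is an allowlisted name or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == a or host.endswith("." + a) for a in ALLOWED_HOSTS)

class ExternalLoadFinder(HTMLParser):
    """Collects (line, tag, host) for iframe/script tags with an off-site src."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names for us.
        if tag not in ("iframe", "script"):
            return
        src = dict(attrs).get("src")
        if not src:
            return
        host = urlparse(src.strip()).hostname  # None for relative URLs
        if host and not is_allowed(host):
            self.findings.append((self.getpos()[0], tag, host))

def scan_html(text):
    """Return the off-site iframe/script loads found in one HTML document."""
    finder = ExternalLoadFinder()
    finder.feed(text)
    finder.close()
    return finder.findings

# Constructed sample page: one relative script, one same-site frame, one
# protocol-relative off-site frame, one look-alike host in upper-case markup.
SAMPLE = """<html><body>
<script src="/js/menu.js"></script>
<iframe src="http://www.moneyfactory.gov/tour.html"></iframe>
<iframe src="//grepad.com/" width="0" height="0"></iframe>
<IFRAME SRC="http://bep.gov.example.net/a"></IFRAME>
</body></html>"""

if __name__ == "__main__":
    for line, tag, host in scan_html(SAMPLE):
        print(f"line {line}: <{tag}> loads from {host}")
```

Running it over the files on the web server, rather than over fetched pages, keeps the result independent of what a particular visitor IP is served.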

Discussion
September 21, 2010: 6:57 am

It is really good.

Thanks

May 6, 2010: 11:13 am

As attacks like this become more and more common the need for talented whitehat hackers grows. Hopefully with more and more schools having penetration testing programs available we will continue to have a steady stream of talented whitehat hackers to help protect our network infrastructure.

May 5, 2010: 7:24 pm

Wow. How can this be done? Did they track down who did it?

May 5, 2010: 2:10 am

Thanks for this important update. Wasn’t aware of it before reading this post. Relieved to know that the codes have been discovered otherwise it would have led to further difficulties. Going by the details given over here, the masterminds of such attacks did it in a very clever manner. Hope they are found out soon and punished for their deeds. Look forward to further updates from you in this matter.
