Hacked US Treasury Department Websites Redirect Visitors to Malware Site

According to a security researcher, if visitors visit some of the websites of US Treasury department, it will take them to sites that install malware to their PCs.  The infected sites are bep.treas.gov, moneyfactory.gov, and bep.gov that invokes malicious scripts via iframe from grepad.com, Roger Thompson, chief research officer of AVG Technologies, told The Register. The code was discovered late Sunday night.

The attackers masterminded it such a way that it only attacks those IP addresses that haven’t already visited the Treasury websites. That makes it very difficult for the law enforcement department to track the attack. Thompson initially said that the problem has been fixed, but, he discovered afterward that the sites are skipping over laboratory PCs that had already encountered the attack.

Dean De Beer, founder and CTO of security consultancy zero(day)solutions further commented that the attack may be related to the infections of hundreds of sites couple of weeks ago that are hosted by Network Solutions and GoDaddy. Incidentally, the Treasury websites are hosted by Network Solutions.

Thompson thought that the attack might be the result of someone exploiting a SQL injection vulnerability on the Treasury websites. But, after going through everything, De Beer said it was unlikely because the hacked Treasury sites contained static HTML pages that aren’t susceptible to such attack.