By Dan Goodin in San Francisco
The Register
3rd May 2010
Updated - Websites operated by the US Treasury Department are redirecting visitors to websites that attempt to install malware on their PCs, a security researcher warned on Monday.
The infection buries an invisible iframe in bep.treas.gov, moneyfactory.gov, and bep.gov that invokes malicious scripts from grepad.com, Roger Thompson, chief research officer of AVG Technologies, told The Register. The code was discovered late Sunday night and was active at time of writing, about 12 hours later.
To cover their tracks, the miscreants behind the compromise tailored it so it attacks only IP addresses that haven't already visited the Treasury websites. That makes it harder for white hat-hackers and law enforcement agents to track the exploit. Indeed, Thompson initially reported that the problem had been fixed until he discovered the sites were merely skipping over laboratory PCs that had already encountered the attack.
The attack is most likely related to mass infections that two weeks ago hit hundreds of sites hosted by Network Solutions and GoDaddy, said Dean De Beer, founder and CTO of security consultancy Zero(day) Solutions.
[...]
skip to main |
skip to sidebar
10% off Kaspersky Internet Security 2010
10% off Kaspersky Internet Security 2010 - Everything you Need for a Secure and Safe Internet Experience Offer Expires 08/10/10
Coupon Code: KASUK10%OFF
10% off Kaspersky Internet Security 2010
10% off Kaspersky Internet Security 2010 - Everything you Need for a Secure and Safe Internet Experience Offer Expires 08/10/10
Coupon Code: KASUK10%OFF
Huge Discounts with iRemove
