Wednesday, August 11, 2010

Exploit Kit: government website hack


Three websites belonging to the US Department of the Treasury have been compromised to spread malware. This is another good example of how easy it is to use automated toolkits to identify security vulnerabilities on a computer and exploit them. The sites belong to the US Bureau of Engraving and Printing, whose primary mission is to produce paper currency for the federal government.
Roger Thompson, chief research officer at AVG, said the attackers injected a malicious IFRAME into the sites, causing visitors to unknowingly be redirected to a hacker-owned site in the Ukraine. The attack site, grepad.com, has previously been flagged as suspicious, according to a StopBadware report.
A spokesperson for the Treasury Department did not immediately respond to a request for comment. It is unclear whether any visitors were infected.

Websites operated by the US Treasury Department are redirecting visitors to websites that attempt to install malware on their PCs, a security researcher warned on Monday.
To cover their tracks, the miscreants behind the compromise tailored it so that it attacks only IP addresses that have not already visited the Treasury websites. That makes it harder for white-hat hackers and law enforcement agents to track the exploit. Indeed, Thompson initially reported that the problem had been fixed, until he discovered that the sites were merely skipping over laboratory PCs that had already encountered the attack.
Today, we came across an embedded iframe inside the Department of the Treasury website. This iframe (pictured below) silently loads one of the Eleonore exploit kit's main URLs, which in turn determines the best available exploitation method for the browser accessing the site.
For more information on the attack, read the PandaLabs blog.