IDG News Service - Three Web sites belonging to the U.S. Department of the Treasury have been hacked to attack visitors with malicious software, security vendor AVG says.
AVG researcher Roger Thompson discovered the issue Monday on three Web domains associated with the home page of the U.S. Bureau of Engraving and Printing. As of late Monday, all three Web sites were still actively serving malicious software and the Bureau of Engraving and Printing Web site should be avoided until it's clear that they've been cleaned up, Thompson said in an interview via instant message.
Although the Treasury Department could not be reached for comment, IT staff there appear to be aware of the problem. On Tuesday morning, all three sites had apparently been taken offline and were returning a "page not found" error.
According to Thompson, hackers had added a small snippet of virtually undetectable iframe HTML code that redirected visitors to a Web site in Ukraine that then launched a variety of Web-based attacks based on a commercially available attack-kit called the Eleonore Exploit pack.
The Ukrainian Web site was associated with similar attacks in the past. Those attacks targeted a handful of known software bugs, including flaws in Adobe's Reader software.
The Bureau of Engraving and Printing provides information on U.S. currency -- how to identify counterfeit bills for example -- and just two weeks ago had used its Web site to promote the newly redesigned US$100 bill.
It's not clear how hackers managed to install their malicious code on the Treasury Department's Web sites.
- 5 Customers Deliver Virtual Desktops and Apps to Empower a Modern Workforce Learn how Citrix solutions helped 5 companies realize the full value of desktop virtualization through a project-by-project approach based on key business priorities.
- Mitigate Risk and Accelerate Time to Value Download this white paper to learn how your IT organization can accelerate business, introduce new services, and reach new markets, all while staying...
- Allay Risks in Application Rationalization and Modernization IT has to do it all: react quickly to market needs, introduce new services, capitalize on mobile, and comply with regulatory requirements, all...
- Delivering Application Data On-Demand Packaged app dev teams frequently operate with limited testing environments due to various constraints. By virtualizing the entire application stack, Delphix-powered teams can...
- Transform Your IT Service Management Watch this webinar, to learn how EasyVista can increase IT productivity & efficiency and deliver streamlined & integrated IT Service & Asset Mgmt.
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Applications White Papers | Webcasts