US Treasury Web sites hacked, serving malware

IDG News Service - Three Web sites belonging to the U.S. Department of the Treasury have been hacked to attack visitors with malicious software, security vendor AVG says.

AVG researcher Roger Thompson discovered the issue Monday on three Web domains associated with the home page of the U.S. Bureau of Engraving and Printing. As of late Monday, all three Web sites were still actively serving malicious software and the Bureau of Engraving and Printing Web site should be avoided until it's clear that they've been cleaned up, Thompson said in an interview via instant message.

Although the Treasury Department could not be reached for comment, IT staff there appear to be aware of the problem. On Tuesday morning, all three sites had apparently been taken offline and were returning a "page not found" error.

According to Thompson, hackers had added a small snippet of virtually undetectable iframe HTML code that redirected visitors to a Web site in Ukraine that then launched a variety of Web-based attacks based on a commercially available attack-kit called the Eleonore Exploit pack.

The Ukrainian Web site was associated with similar attacks in the past. Those attacks targeted a handful of known software bugs, including flaws in Adobe's Reader software.

The Bureau of Engraving and Printing provides information on U.S. currency -- how to identify counterfeit bills for example -- and just two weeks ago had used its Web site to promote the newly redesigned US$100 bill.

It's not clear how hackers managed to install their malicious code on the Treasury Department's Web sites.