US Treasury website hacked

Online criminals have succeeded in embedding an iFrame on the US Treasury Department's website. It is used to secretly load one of the main URLs of the Eleonore Exploit Kit.

The kit bundles various exploits for different browsers and other popular applications and delivers the method best suited to exploiting the security vulnerability of the browser in question. Luis Corrons, the director of PandaLabs, has described the attack scenario in detail on his blog.

The iFrame silently routes visitors to the hacked websites (treas.gov, bep.gov or moneyfactory.gov) through statistics servers and exploit packs. In Corrons' case, the exploit kit found a security hole in Java, which was the easiest way to infect his system.
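One way a site operator could check served pages for the kind of injected frame described above, as an added example (not code from the article or from PandaLabs): it flags iframes that load from a host outside the site's own domains and marks those that are also hidden. The sample page, the `example.net`/`example.org` hosts and the hidden-frame heuristics are assumptions; the article does not show the injected markup itself.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Domains named in the article; frames served from them count as same-site.
SITE_DOMAINS = ("treas.gov", "bep.gov", "moneyfactory.gov")
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
ZERO_STYLE = re.compile(
    r"(?<![\w-])(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)", re.I)

# Constructed sample page; the example.net / example.org hosts are placeholders.
SAMPLE = """<html><body>
<iframe src="/media/player.html" width="640" height="360"></iframe>
<iframe src="https://www.bep.gov/tour.html" width="400" height="300"></iframe>
<iframe src="http://stats.example.net/in.php" width="1" height="1" style="visibility:hidden"></iframe>
<iframe src="//video.example.org/embed/1" width="560" height="315"></iframe>
</body></html>"""


def is_own_host(host):
    """True for a site domain or any subdomain of one (not look-alike hosts)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in SITE_DOMAINS)


class IframeAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        try:
            host = urlparse(a.get("src", "").strip()).hostname
        except ValueError:
            host = None  # malformed URL: nothing resolvable to report
        if not host or is_own_host(host):
            return  # relative, scheme-only or same-site frame
        style = a.get("style", "")
        dims = {a.get("width", "").strip(), a.get("height", "").strip()}
        hidden = bool(dims & {"0", "1"} or HIDDEN_STYLE.search(style)
                      or ZERO_STYLE.search(style))
        self.findings.append(
            {"host": host, "hidden": hidden, "line": self.getpos()[0]})


def audit(html):
    """Return one finding per iframe that loads from a foreign host."""
    parser = IframeAuditor()
    parser.feed(html)
    parser.close()
    return parser.findings
```

A visible foreign frame, such as a video embed, is reported with `hidden` set to `False` so it can be compared against an allowlist of known embeds, while a hidden foreign frame needs immediate review.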


It is so far unclear which vulnerability on the US Treasury website allowed the intrusion. What is certain, however, is that such attacks usually exploit holes caused by outdated server software or web applications, or security flaws in web applications such as SQL injection. After a successful infection, the browser on the infected PC redirects the victim to other applications; in Corrons' example, to rogueware, i.e. fake antivirus software.

For secure web browsing, Corrons reminds you to install every new update for all web applications and all server software without delay.

The full blog entry is available in English on the PandaLabs blog. (mh)