Oklahoma Tax Website Hacked, Spreading Malware
According to the researchers at AVG Technologies (an Internet security company), hackers have hijacked Oklahoma official tax website.
More information about the assault reveals that when people visited the Oklahoma Tax Commission Website, they found a message which asked them to submit to a license agreement from Adobe before downloading software. Although no abnormality was apparent, the security researchers commented that there was malware in the application, which could contaminate computers in case users clicked on 'accept' word of the agreement.
The malware possibly loaded keyloggers to systems that were capable of filching sensitive information such as payment card details, Social Security numbers and other personal data of visitors who logged on the contaminated site.
On closer examination, it was evident that the malicious software originated from estguard.com hosted in Holland. This website in turn connected with an attack website. Using the rotator, the hackers apparently decided the destination of victim, said the AVG security researchers.
Commenting on the hack, Roger Thompson, Chief Researcher at AVG, said that he hoped the site admins of Oklahoma Tax would quickly eliminate the hijacked HTML, as reported by Infosecurity on January 28, 2010.
In addition Thompson said that the kind of attack and its consequences happened to many Web-users, but it was unfortunate that it occurred with a tax site during the current tax-season of 2010.
AVG said that the online criminals were taking advantage of the ongoing trend of people visiting tax websites to submit taxes.
Thus, Thompson advised users not to access the Oklahoma Tax Website till it was cleaned of the malware and brought to normal functioning, as reported by ChannelWeb on January 28, 2010.
Additionally, security specialists suggested that computer users could best foil such kinds of malware attacks via the maintenance of properly patched software and updating of antivirus programs. They could load a behavior-analysis application, which aborted any suspicious action on the system.
Finally, users themselves could exercise caution while surfing on tax websites. They needed to remember that malware distributors and hackers often exploited tax sites for gathering vital credentials off unwitting Web-surfers.
» SPAMfighter News - 06-02-2010