US Treasury Websites Hijacked
According to news published by scmagazineus.com on May 3, 2010, a security researcher said that three websites of the US Department of the Treasury have been hacked to distribute malware.
The compromised websites belong to the US Bureau of Engraving and Printing, which is primarily responsible for the production of paper currency for the US federal government.
Roger Thompson, Chief Research Officer of AVG, revealed that attackers injected a malicious IFRAME into the websites, which caused visitors to be inadvertently redirected to a Ukraine-based website that was owned by hackers, reported scmagazineus.com on May 3, 2010.
The hackers tailored the hack to attack only those IP addresses that were new to the Treasury websites. This makes it a tough task for security experts and law enforcement agencies to trace the hijack.
Sean-Paul Correll, Threat Researcher and Security Evangelist at security firm PandaLabs, has supported the hacking theory presented by Thompson.
In addition to these two researchers, Dean De Beer, Founder and CTO of security consultancy Zero(day) Solutions, also expressed his views on the issue. He said that this latest attack is most probably related to the mass attacks that targeted hundreds of websites hosted by GoDaddy and Network Solutions, as per the news published by theregister.co.uk on May 3, 2010.
De Beer based his opinion on the observation that the hijacked Treasury websites were hosted by Network Solutions and that the owner of grepad.com is the record-holder for the majority of websites abused in previous attacks. He said there is a strong possibility that the same man is behind this attack. The only things that constantly change are the targeted domains, he added.
Thompson had earlier suspected that the assault might be due to someone abusing an SQL injection vulnerability on the websites of the Treasury Department. Having probed that possibility, De Beer stated that it is highly unlikely, as the hijacked sites had static HTML pages, which are not vulnerable to such abuse.
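Because the hijacked pages were static HTML, an injected IFRAME is a change to a file that a periodic audit of the published pages can catch. The Python sketch below is an added example, not code from the article or the researchers quoted in it; the allowlisted hostnames, the sample page and the hidden-frame heuristics are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts the site legitimately frames content from (placeholder names, assumed).
ALLOWED_HOSTS = {"www.example.gov", "example.gov"}
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

class IframeAuditor(HTMLParser):
    """Collects <iframe> tags that load off-site content or are rendered invisibly."""

    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed = allowed_hosts
        self.findings = []  # tuples of (line number, src, list of reasons)

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "").strip()
        host = (urlparse(src).hostname or "").lower()  # empty for relative URLs
        reasons = []
        if host and host not in self.allowed:
            reasons.append("off-site host " + host)
        if a.get("width", "").strip() in {"0", "1"} or a.get("height", "").strip() in {"0", "1"}:
            reasons.append("near-zero size")
        if HIDDEN_STYLE.search(a.get("style", "")):
            reasons.append("hidden by style")
        if reasons:
            self.findings.append((self.getpos()[0], src, reasons))

def audit_html(text, allowed_hosts=ALLOWED_HOSTS):
    """Return the suspicious iframes found in one HTML document."""
    auditor = IframeAuditor(allowed_hosts)
    auditor.feed(text)
    auditor.close()
    return auditor.findings

# Constructed sample page: one legitimate frame and one injected, hidden frame.
SAMPLE_PAGE = """<html><body>
<h1>Welcome</h1>
<iframe src="https://www.example.gov/video.html" width="640" height="360"></iframe>
<p>Static content</p>
<iframe src="http://injected.example.net/in.php" width="1" height="1" style="visibility:hidden"></iframe>
</body></html>"""

if __name__ == "__main__":
    for line, src, reasons in audit_html(SAMPLE_PAGE):
        print(f"line {line}: {src} -> {', '.join(reasons)}")
```

Since the article reports that the malicious content was served only to IP addresses new to the sites, an audit like this is best run against the files on the web server itself rather than against pages fetched repeatedly from one monitoring address.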
It is worth mentioning that this is not the first incident of a prestigious US website being compromised to distribute malware. Two years earlier, in May 2008, the website of former President George W. Bush, WhiteHouse.org, was hijacked, which resulted in malicious code being injected onto visitors' computers.
» SPAMfighter News - 13-05-2010