United States DoL Website Dispersing Malware to Innocent Internauts
The United States Department of Labor (DoL) website is the latest high-profile government website to be compromised by cybercriminals. Researchers at several security companies reported that the site was hosting malicious code that redirected visitors to a website serving the Poison Ivy remote access Trojan, as published by threatpost.com on May 1, 2013.
The malware has been deleted and law enforcement is investigating the attack.
Elaborating on the attack, security researchers said that once a system was successfully infected by the malicious code executing on the Department of Labor's website, it would "phone home" to a command-and-control (C&C) server disguised as a Microsoft update server.
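A C&C server that poses as a Microsoft update server is designed to blend into normal outbound traffic, so a defender's first check is whether "update-looking" hostnames in proxy logs are actually Microsoft's. The following is an added example, not code from the original article or from any of the researchers it cites: it parses a small constructed proxy log (the log format, the IP addresses and the `example.net`/`example.org` hostnames are all assumptions made up for this illustration) and flags hosts that carry Windows Update lookalike tokens but do not belong to the official Microsoft update domains. The allowlist is deliberately minimal and is an assumption too; a production deployment would take the full list from Microsoft's published documentation.

```python
import re
from urllib.parse import urlsplit

# Assumption: a minimal allowlist of genuine Microsoft update hostnames and
# domain suffixes. Anything ending in these suffixes is treated as official.
MS_UPDATE_ALLOWLIST = {
    "microsoft.com",
    "windowsupdate.com",
    "windowsupdate.microsoft.com",
    "update.microsoft.com",
    "download.windowsupdate.com",
}
MS_UPDATE_SUFFIXES = (".microsoft.com", ".windowsupdate.com")

# Tokens that make a hostname "look like" Windows Update to a casual reviewer.
LOOKALIKE_TOKENS = ("windowsupdate", "msupdate", "microsoft", "wuauclt")

# Assumed proxy log layout: <timestamp> <client-ip> <method> <url> <status>
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)

# Constructed sample log: two genuine update requests, one lookalike beacon,
# one unrelated request and one malformed line that the parser must skip.
SAMPLE_PROXY_LOG = """\
2013-05-01T09:12:03Z 10.0.0.21 GET http://windowsupdate.microsoft.com/ 200
2013-05-01T09:12:09Z 10.0.0.21 GET http://update.microsoft.com/v6/ 200
2013-05-01T09:13:44Z 10.0.0.37 POST http://windowsupdate-svc.example.net/update.php 200
2013-05-01T09:14:02Z 10.0.0.37 GET http://www.example.org/index.html 200
malformed line here
"""


def parse_line(line):
    """Return a dict of fields for a well-formed log line, or None otherwise."""
    match = LOG_RE.match(line.strip())
    return match.groupdict() if match else None


def hostname_of(url):
    """Extract the lower-cased hostname from a URL, or None if it has none."""
    host = urlsplit(url).hostname
    return host.lower() if host else None


def is_official_ms_update(host):
    """True when the host is on the allowlist or under an allowlisted suffix."""
    return host in MS_UPDATE_ALLOWLIST or host.endswith(MS_UPDATE_SUFFIXES)


def is_update_lookalike(host):
    """True when the host borrows an update-related token but is not Microsoft's."""
    return any(tok in host for tok in LOOKALIKE_TOKENS) and not is_official_ms_update(host)


def find_lookalike_beacons(lines):
    """Return (client-ip, hostname) pairs for requests to lookalike update hosts."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip lines that do not match the assumed format
        host = hostname_of(rec["url"])
        if host and is_update_lookalike(host):
            hits.append((rec["src"], host))
    return hits


if __name__ == "__main__":
    for src, host in find_lookalike_beacons(SAMPLE_PROXY_LOG.splitlines()):
        print(f"possible disguised C&C beacon: {src} -> {host}")
```

Running the block prints a single alert for `10.0.0.37` contacting `windowsupdate-svc.example.net`; the two genuine Microsoft hosts are left alone. The token check is intentionally broad, since a lookalike host is cheap for an attacker to register but hard to justify in a corporate proxy log, so each hit is worth a manual look rather than an automatic block.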
The malware installed by the malicious code also checks whether the victim's system is running antivirus programs such as AVG, Sophos or McAfee. If it finds the popular free Bitdefender antivirus, it disables that suite.
Jaime Blasco, director of AlienVault Labs, says that as of Wednesday (May 1, 2013) morning, according to VirusTotal, the downloaded code was being flagged as malicious by only two of 46 antivirus scanners. Within a day that count had risen to 13 scanners, according to a report by informationweek.com dated April 1, 2013.
The C&C protocol matches that of a backdoor used by a well-known Chinese hacking group referred to as Deep Panda.
Security intelligence firm CrowdStrike has linked Deep Panda to many advanced persistent threat (APT) attacks, noting that the group's attacks "target various strategic interests of the United States, including high tech/heavy industry, non-governmental organizations (NGOs), state/federal government, defense industrial base (DIB), and organizations with huge economic interests."
In recent months, the U.S. and China have clashed over cyber security. U.S. companies have become increasingly vocal about what they describe as technically sophisticated, long-term infiltration campaigns originating from within China.
» SPAMfighter News - 06-05-2013