tumblr hit counter

U.S. Treasury Website Hacked Using Exploit Kit

May 4

Updated @ 8PM PST 5/3/2010 — Added Information about Rogueware and two additional government sites affected

Time and time again we talk about how amateur and professional hackers alike are able to use automated toolkits which can identify security vulnerabilities on a computer and exploit them with little or no technical skill necessary for the cyber criminal.  The  spirited script kiddies behind these kits have been running  havoc on the Internet, as many of the kits available can be downloaded in underground forums for free.   Today, we came across an embedded iframe inside of the Department of Treasury website.   This iframe (pictured below) is used to silently load one of the elenore exploit kits main URL’s, which in turn determines what’s the best available exploitation method for the browser accessing the site.

US Treasury - Injected iframe

US Treasury Website - Injected iframe

Upon accessing the US Treasury website (treas.gov, bep.gov, or moneyfactory.gov), the iframe silently redirects victims through statistic servers and exploit packs which will carry the victim onto the second stage of the attack.

US Treasury Website Hack (Session Log)

US Treasury Website Hack (Session Log)

In my case, the exploit kit figured that Java was the best method of infecting my test machine,  although several exploitation methods (mainly PDF) are used by these kits.    It’s still unclear what the original entry point was into the US Treasury website, and I don’t suspect that the US Government will release detailed report about the compromise, but these threats usually make their way onto websites that have outdated server software, web applications, and/or through web application security vulnerabilities such as SQL injection.

After you are infected, your web browser will start redirecting you to ads and other nasty things, such as Rogueware:

Rogueware spread by US GOV website

I would like to use this post to remind you all to update your web applications and web servers just as frequently as you would your own computer. Doing so will help prevent your website from being hacked and used to propagate these threats on the Internet.  You, your visitors, and many others browsing the Internet will remain one step closer to a safer browsing experience on the Internet.

Post to Twitter

  • (15) Comments


  1. Majordomo says:

    Do these researchers contact the victims before they announce these findings?


  1. [...] this link: U.S. Treasury Website Hacked Using Exploit Kit Posted in Security News Tags: browser, compromise, department, exploit, government, iframe, [...]

  2. [...] more information on its attack read the panda lab blog Share and [...]

  3. [...] and PandaLabs are reporting that the web sites of the U.S. Bureau of Engraving and Printing (bep.treas.gov; moneyfactory.gov) are serving client-side vulnerabilities that ultimately expose [...]

  4. [...] test. If they did run a pen test, well then may be its time for a new testing vendor. Panda gives a detailed breakdown. This is the kind of thing that doesn’t inspire confidence in the government’s [...]

  5. [...] iframe has been injected into the main site (still active) and like the previous attack on the US Treasury Website, this campaign also uses the Eleonore exploit pack to distribute the [...]

  6. [...] BTW -  those two snooping “consumer protection” agencies would be located within the Federal Reserve and the U.S. Department of Treasury.  Well, it seems that Treasury is having some data security problems right now.  PandaLabs has located easy-as-pie hacker kits with targets that include the U.S. Treasury. [...]

  7. [...] U.S. Treasury Website Hacked Using Exploit Kit – pandasecurity.com [...]

  8. [...] iframe has been injected into the main site (still active) and like the previous attack on the US Treasury Website, this campaign also uses the Eleonore exploit pack to distribute the [...]

  9. [...] of the latest headline victims of an exploit kit was the US Treasury Website. Panda Security detailed how it happened — and how a new generation of kits or packs can identify security vulnerabilities, [...]

  10. [...] Recently (May 4, 2010) the US Treasury website was hacked using the Eleonore Exploit Pack. You can read about that here. [...]

  11. [...] ที่มา : pandalabs.pandasecurity.com [...]

Leave a Reply

You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

  • Become a fan!

    Panda Security on Facebook
  • Blogroll

  • Categories