US Department of Labor Site Hacked, Directs Visitors to Malware


US-Department-of-Labor-Site-Hacked-Directs-Visitors-to-Malware-2

May 1st, 2013, 14:49 GMT · By Eduard Kovacs

US Department of Labor hacked

AlienVault experts are currently analyzing an attack on the website of the US Department of Labor (dol.gov).

According to the security firm, when users visit the Department of Labor website, a script is executed. This script is designed to probe the victim’s computer to see what versions of Flash, Java, Microsoft Office and Acrobat Reader are running.

It also checks for the presence of several antivirus solutions, including ones from Avira, Bitdefender, AVG, ESET, Avira, Dr. Web, Sophos, F-Secure and Kaspersky.

Once the information is collected and sent to a remote location, a malicious payload is downloaded by exploiting what appears to be CVE-2012-4792, an Internet Explorer vulnerability addressed by Microsoft in January.

The payload is currently detected by 13 of the 46 antivirus engines used by VirusTotal.

Experts have found that the command and control communication protocol used by the malware is the same as the one used by a known Chinese entity dubbed “DeepPanda.”

Tags: , ,

Comments are closed.

%d bloggers like this: