Hacked US Treasury websites serve visitors malware

Websites operated by the US Treasury Department are redirecting visitors to websites that attempt to install malware on their PCs, a security researcher warned on Monday. The infection buries an invisible iframe in bep.treas.gov, moneyfactory.gov, and bep.gov that invokes malicious scripts from grepad.com, Roger Thompson, chief …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward

    I call shenanigans.

    "Beer said it was unlikely because the hacked Treasury sites contained static HTML pages that aren't susceptible to such exploits."

    And has he gone through the code for every single page, on every Treasury site?

    If not, then how can he say this, as it is entirely possible to run PHP inside .html pages, and some coders will do this in a stupid attempt to "hide" that they are using php.

    Perhaps Joe Blow, who originally designed the sites, put in a few php entries to make things easier. Then, when he was fired, the outsourced coder didn't bother to check the code completely before making his changes.

    Flaws upon flaws, as design moved from person to person, could lead to a compromisable .html page.

  2. James Woods

    nothing to see here

    move along.

    you're all bad people for simply not silently reporting these problems to the government.

    you're trying to spread discontent for our most transparent administration in history.

    why are you still reading this, move along.

    1. amanfromMars 1

      MSMedicine Online Private Drip Feed [pdf]

      "you're all bad people for simply not silently reporting these problems to the government.

      you're trying to spread discontent for our most transparent administration in history." .... James Woods Posted Tuesday 4th May 2010 02:25 GMT

      James,

      You may like to consider that here is where governments access SMART AI Programs for Dodgy Operating Systems with Cracked Windows Generating Crazed Vistas.

      Is Microsoft defended against CyberIntelAIgent Security Systems Assault Simulation? If not, now is the time to buy into ITs Novel TerraPhorm Program with Lead, for Lucrative Supporting Pro Business Action?

  3. Anonymous Coward
    Stop

    IPCop solution - regexp iframe

    Using ipcop 1.4.21, URL filter, and advanced proxy,

    Login to ipcop | Services | URL Filter | "Custom expression list" field

    add a regexp iframe

    Note: it will break the ability to reply or admin all blogs at *.blogspot.com and probably other websites including your own if you used iframes! However, it can be enabled and disabled via the URL filter interface.

    This is both good and bad. It can serve as a quick test to make sure you're blocking iframes when you see there's no reply fields in *.blogspot.com.

    The bad is that you're going to physically have to delete/remove it and reload URL Filter, if you want to load an iframe.

    Did I mention I hate iframes? IMO - iframes and frames were a poor design, however I do understand "why" they invented them.

    good luck
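The article's invisible-iframe injection, checked from the site owner's side rather than at the proxy: an added example, not part of the thread, that audits a page's HTML for iframes that are both hidden and loaded from a host outside the site's own list. The hostnames, the sample page and the "hidden" heuristics (0 or 1 pixel size, `display:none`, `visibility:hidden`) are assumptions made for the illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Inline styles that make a frame invisible to the visitor (assumed heuristic).
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
# width/height values of 0 or 1, with or without a "px" suffix.
TINY = re.compile(r"\s*[01]\s*(px)?\s*", re.I)

# Constructed sample page: two legitimate frames, two injected-looking ones.
SAMPLE = """<html><body>
<h1>Static page</h1>
<iframe src="/widgets/rates.html" width="400" height="200"></iframe>
<iframe src="https://video.example.org/embed/1" width="560" height="315"></iframe>
<iframe src="http://injected.example.net/x" width="0" height="0" frameborder="0"></iframe>
<iframe src="//other.example.net/y" style="visibility: hidden"></iframe>
</body></html>"""

class IframeAudit(HTMLParser):
    """Collects (line, host) for every hidden iframe served from an unlisted host."""
    def __init__(self, own_hosts):
        super().__init__()
        self.own_hosts = {h.lower() for h in own_hosts}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        # Relative URLs have no hostname and therefore count as on-site.
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        off_site = bool(host) and host not in self.own_hosts
        hidden = (TINY.fullmatch(a.get("width", "")) is not None
                  or TINY.fullmatch(a.get("height", "")) is not None
                  or HIDDEN_STYLE.search(a.get("style", "")) is not None)
        if off_site and hidden:
            self.findings.append((self.getpos()[0], host))

def audit(html, own_hosts):
    """Return a list of (line number, host) findings for one HTML document."""
    parser = IframeAudit(own_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings

if __name__ == "__main__":
    for line, host in audit(SAMPLE, {"www.example.org"}):
        print(f"line {line}: hidden iframe from {host}")
```

Run over a known-good copy of the site and again over what the server actually returns, a difference in findings points at content that was added after deployment.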

  4. Anonymous Coward
    Pint

    Wonder if..

    They will pursue and **demand** the extradition of the miscreants like they have Gary McKinnon.

    Oh wait, bet there's no such extradition treaty with Russia/China...Or any other bloody country except ours!!!!! (Blighty).

    Beer cos it's 8am and I need one already.

  5. Anonymous Coward
    Megaphone

    Real world testing

    If water finds its way through a leaky roof, do you prosecute or fix the hole?

  6. John Savard

    Domain

    If there is malicious code at grepad.com, why hasn't this domain been pulled from the Internet so that the exploit will stop working? If the domain owners are innocent, and their computers have been hacked too, the domain can be reactivated after those computers have been cleaned and secured. It's time for ICANN to be as tough on this sort of thing as ISPs are with individual customers.

  7. Destroy All Monsters
    Pint

    A new form of Keynesianism

    For once the treasury is not injecting money, but malware.

    The result is the same though: stuff first blows up, then crashes.

  8. Walking Turtle
    Gates Horns

    So let us start...

    by admonishing Young Master Timothy "Foulmouth" Geithner that the .XXX sites really are for weekends at home... Through one's own ISP account...?

    Safety first!

  9. jinlye

    White hat-hackers

    What's a hat-hacker, and what difference does it make as to what color they are? From the article: "...it attacks only IP addresses that haven't already visited the Treasury websites. That makes it harder for white hat-hackers and law enforcement agents to track the exploit."

    Maybe what was meant was white-hat hackers, rather than white hat-hackers.

    Sorry to be so pedantic...
