04 May 2010
At least three US Treasury department web sites have fallen victim to a code injection attack using iFrames.
Roger Thompson, chief research officer at security firm AVG, told V3.co.uk that it is extremely uncommon for federal government sites to be hacked.
"City and country level sites get hacked all the time in the US and the UK, but it is very unusual to see an attack like this," he said.
The affected sites, which have now been taken down, are bep.gov, bep.treas.gov and moneyfactory.gov.
The attack used an iFrame to add malware to the sites. The malware reportedly sent data via a series of hosted PCs to the controller, believed to be in eastern Europe.
Thompson said that the precise method of attack had not been proved, but that there was an 80 per cent chance that it came from the use of a third-party site visitor counter. He suspected the flaw could prove difficult to fix.
"I would not be at all surprised if it does not come back when they restart the sites, in which case we will have a bit of a chuckle and tell them again," he said.
80 percent chance???
"80 per cent chance that it came from the use of a third-party site visitor counter." Really? Because from my experience, since the malscript was inserted after the closing html tag, and since the same hosting provider has been hit with numerous other, similar attacks, I'd like to take him up on a bet. I bet it's not the counter software. Visitor counter software is something you add to your site. As far as I know there are no known vulnerabilities in visitor stat counter software. "I would not be at all surprised if it does not come back when they restart the sites, in which case we will have a bit of a chuckle and tell them again," I, personally, would not be at all surprised if Roger is wrong, in which case, I'd love everyone to tell him, have a chuckle and tell him again.
Posted by: Thomas J. Raef 05 May 2010
80 Percent???
I just tested a few websites and if the user agent is left generic, the code doesn't show. If the user agent is Internet Explorer, the code shows. How can this be the visitor counter software?
Posted by: Thomas J. Raef 05 May 2010
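The two observations in the comments above (markup inserted after the closing html tag, and markup served only to an Internet Explorer user agent) can be checked on saved copies of a page. The following is an added example, not part of the article or the comments; the function names, the sample pages and the `injected.example` host are constructed for illustration.

```python
import re
from html.parser import HTMLParser

class _IframeCollector(HTMLParser):
    """Collects the src of every <iframe>, wherever it sits in the markup."""
    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.srcs.append(dict(attrs).get("src") or "")

def iframe_srcs(html):
    parser = _IframeCollector()
    parser.feed(html)
    parser.close()
    return parser.srcs

def trailing_markup(html):
    """Return whatever follows the last closing </html> tag ('' if nothing)."""
    closes = list(re.finditer(r"</html\s*>", html, re.I))
    return html[closes[-1].end():].strip() if closes else ""

def audit(responses):
    """responses maps a user-agent label to the body served to that agent.
    Reports iframes placed after </html> and iframes not served to every agent."""
    per_ua = {ua: set(iframe_srcs(body)) for ua, body in responses.items()}
    common = set.intersection(*per_ua.values())
    return {
        ua: {"after_html": iframe_srcs(trailing_markup(body)),
             "ua_specific": sorted(per_ua[ua] - common)}
        for ua, body in responses.items()
    }

# Constructed sample: the same page as saved with two different User-Agent headers.
CLEAN = "<html><body><iframe src='/map.html'></iframe></body></html>\n"
SAMPLE = {
    "generic": CLEAN,
    "msie": CLEAN + "<iframe src='http://injected.example/c' width='1' height='1'></iframe>",
}

if __name__ == "__main__":
    for ua, finding in audit(SAMPLE).items():
        print(ua, finding)
```

An iframe that appears in both `after_html` and `ua_specific` matches the behaviour the commenter describes; a legitimate embedded frame inside the document body, served to every agent, appears in neither.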