Malicious iFrame on US Treasury and other sites?

Published: 2010-05-04. Last Updated: 2010-05-04 22:53:38 UTC
by Rick Wanner (Version: 1)
3 comment(s)

We have received a number of emails from readers pointing us to news articles indicating that the US Treasury is in the process of cleaning up malicious iFrame that have infected a number of their sites.  We have also received one report that this particular iFrame redirect has also been found at other sites and that perhaps this may be another registrar related compromise.

If anyone has any further information on whether or not this is bigger than just the US Treasury, we would love to hear it. 

As usual you can send us feedback through the comments to this diary, or via our contact page.

 

-- Rick Wanner - rwanner at isc dot sans dot org

Keywords:
3 comment(s)

Comments

Shameless plug:

A video + screenshot:
http://community.websense.com/blogs/securitylabs/archive/2010/05/04/treasury-websites-compromised.aspx

Jay @ Websense Security Labs

Jay

May 4th 2010
1 decade ago

We must all do our part to protect the web beginning with military sites, then commerce and continue on the way down the chain of command. Anyway, here are some helpful information from others on the attack.

http://blog.sucuri.net/2010/05/new-infections-today-at-network.html

http://ddanchev.blogspot.com/2010/05/us-treasury-site-compromise-linked-to.html

Danster

May 5th 2010
1 decade ago

I have read that the potential I-frame exploit took advantage of a count meter that was run by a 3rd party on the websites. Is there any truth that this is how the website(s) were able to be exploited. In addition do any of you know if and when Microsoft will release a *.pdf reader. I thank everyone who is working hard here to get to the bottom of these issues.

Danster

May 7th 2010
1 decade ago

Login here to join the discussion.


Top of page
Diary Archives