User topics

Article topics

Log in Sign up

Hacked US Treasury websites serve visitors malware

Websites operated by the US Treasury Department are redirecting visitors to websites that attempt to install malware on their PCs, a security researcher warned on Monday. The infection buries an invisible iframe in bep.treas.gov, moneyfactory.gov, and bep.gov that invokes malicious scripts from grepad.com, Roger Thompson, chief …

COMMENTS

House rules Send corrections

This topic is closed for new posts.

Tuesday 4th May 2010 02:25 GMT Anonymous Coward

I call shenanigans.

"Beer said it was unlikely because the hacked Treasury sites contained static HTML pages that aren't susceptible to such exploits."

And has he gone through the code for every single page, on every Treasury site?

If not, then how can he say this, as it is entirely possible to run PHP inside .html pages, and some coders will do this in a stupid attempt to "hide" that they are using php.

Perhaps Joe Blow, who originally designed the sites, put in a few php entries to make things easier. Then, when he was fired, the outsourced coder didn't bother to check the code completely before making his changes.

Flaws upon flaws, as design moved from person to person, could lead to a compromisable .html page.

0 0
Tuesday 4th May 2010 02:25 GMT James Woods

nothing to see here

move along.

your all bad people for simply not silently reporting these problems to the government.

your trying to spread discontent for our most transparent administration in history.

why are you still reading this, move along.

0 2
1. Tuesday 4th May 2010 09:40 GMT amanfromMars 1
  
  MSMedicine Online Private Drip Feed [pdf]
  
  "your all bad people for simply not silently reporting these problems to the government.
  
  your trying to spread discontent for our most transparent administration in history." .... James Woods Posted Tuesday 4th May 2010 02:25 GMT
  
  James,
  
  You may like to consider that here is where governments access SMART AI Programs for Dodgy Operating Systems with Cracked Windows Generating Crazed Vistas.
  
  Is Microsoft defended against CyberIntelAIgent Security Systems Assault Simulation? If not, now is the time buy into ITs Novel TerraPhorm Program with Lead, for Lucrative Supporting Pro Business Action?
  
  0 1
Tuesday 4th May 2010 04:21 GMT Anonymous Coward

IPCop solution - regexp iframe

Using ipcop 1.4.21 , url filter, and advanced proxy,

Login to ipcop | Services | URL Filter | "Custom expression list" field

add a regexp iframe

Note: it will break the ability to reply or admin all blogs at *.blogspot.com and probably other websites including your own if you used iframes! However, it can be enabled and disabled via the URL filter interface.

This is both good and bad. It can serve as a quick test to make sure your blocking iframes when you see there's no reply fields in *.blogspot.com .

The bad is that your going to physically have to delete/remove it and reload URL Filter, if you want to load an iframe.

Did I mention I hate iframes? IMO - iframes and frames were a poor design, however I do understand "why" they invented them.

good luck

0 0
Tuesday 4th May 2010 09:44 GMT Anonymous Coward

Wonder if..

They will pursue and **demand** the extradition of the miscreants like they have gary mckinnon.

Oh wait, bet theres no such extradition treaty with russia/china...Or any other bloody country except ours!!!!! (Blighty).

Beer cos its 8am and i need one alrready.

0 0
Tuesday 4th May 2010 10:09 GMT Anonymous Coward

Real world testing

If water finds it's way through a leaky roof, do you prosecute or fix the hole?

0 0
Tuesday 4th May 2010 13:06 GMT John Savard

Domain

If there is malicious code at grepad.com, why hasn't this domain been pulled from the Internet so that the exploit will stop working? If the domain owners are innocent, and their computers have been hacked too, the domain can be reactivated after those computers have been cleaned and secured. It's time for ICANN to be as tough on this sort of thing as ISPs are with individual customers.

2 0
Tuesday 4th May 2010 22:59 GMT Destroy All Monsters

A new form of Keynesianism

For once the treasury is not injecting money, but malware.

The result is the same though: stuff first blows up, then crashes.

0 0
Wednesday 5th May 2010 09:41 GMT Walking Turtle

So let us start...

by admonishing Young Master Timothy "Foulmouth" Geithner that the .XXX sites really are for weekends at home... Through ones' own ISP account...?

Safety first!

0 0
Thursday 6th May 2010 16:03 GMT jinlye

White hat-hackers

What's a hat-hacker, and what difference does it make as to what color they are? From the article: "...it attacks only IP addresses that haven't already visited the Treasury websites. That makes it harder for white hat-hackers and law enforcement agents to track the exploit."

Maybe what was meant was white-hat hackers, rather than white hat-hackers.

Sorry to be so pedantic...

0 0

This topic is closed for new posts.

The Register Biting the hand that feeds IT

About Us

Our Websites

Your Privacy

Situation Publishing

Copyright. All rights reserved © 1998–2025