Malicious iFrame on US Treasury and other sites?

Published: 2010-05-04
Last Updated: 2010-05-04 22:53:38 UTC
by Rick Wanner (Version: 1)
3 comment(s)

We have received a number of emails from readers pointing us to news articles indicating that the US Treasury is in the process of cleaning up malicious iFrame that have infected a number of their sites.  We have also received one report that this particular iFrame redirect has also been found at other sites and that perhaps this may be another registrar related compromise.

If anyone has any further information on whether or not this is bigger than just the US Treasury, we would love to hear it. 

As usual you can send us feedback through the comments to this diary, or via our contact page.

 

-- Rick Wanner - rwanner at isc dot sans dot org

Keywords:
3 comment(s)

Comments

Shameless plug:

A video + screenshot:
http://community.websense.com/blogs/securitylabs/archive/2010/05/04/treasury-websites-compromised.aspx

Jay @ Websense Security Labs
We must all do our part to protect the web beginning with military sites, then commerce and continue on the way down the chain of command. Anyway, here are some helpful information from others on the attack.

http://blog.sucuri.net/2010/05/new-infections-today-at-network.html

http://ddanchev.blogspot.com/2010/05/us-treasury-site-compromise-linked-to.html
I have read that the potential I-frame exploit took advantage of a count meter that was run by a 3rd party on the websites. Is there any truth that this is how the website(s) were able to be exploited. In addition do any of you know if and when Microsoft will release a *.pdf reader. I thank everyone who is working hard here to get to the bottom of these issues.
Diary Archives