AVG analysts spotted a script-injection hack on the web site of the District of Columbia, USA. The malicious change to the Web page takes visitors to a variety of malicious downloads.
The US capital, Washington, is in the District of Columbia. The intruders put a script on the page that lists the D.C. “Directory of Agencies and Services.”
AVG has notified US-CERT of the intrusion.
[Screenshot: District of Columbia .gov website]
The injected script looks like this.
[Screenshot: script injection]
Users visiting the page in Internet Explorer are redirected to a fake scanning page:
[Screenshot: fake Internet Explorer site]
Users of the Firefox browser are redirected to a fake Flash update:
[Screenshot: fake Flash site]
The fake AV and fake Flash update pages download a file named scandsk.exe.
The fake AV and fake Flash update pages also contain a 1×1 iframe that loads an exploit page via src="i.html".
The i.html page loads a multisploit that uses PluginDetect to choose which of various malicious Java and malicious PDF files to serve to the victim.
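A site owner can look for the hidden 1×1 iframe described above by scanning served HTML for frames too small to see. The following is an added example, not code from AVG or from the affected pages; the names `find_hidden_iframes` and `MAX_HIDDEN_PX`, the CSS-hidden checks and the sample markup are assumptions made for illustration.

```python
from html.parser import HTMLParser
import re

# Assumed threshold: an iframe this many pixels wide or high (or less) is invisible.
MAX_HIDDEN_PX = 1

def _px(value):
    """Leading integer of a width/height value, or None if absent/non-numeric."""
    m = re.match(r"\s*(\d+)", value or "")
    return int(m.group(1)) if m else None

class TinyIframeFinder(HTMLParser):
    """Collects iframes a visitor would not see: 0-1 px in size or hidden via CSS."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":  # HTMLParser lowercases tag and attribute names
            return
        a = {k: (v or "") for k, v in attrs}
        style = a.get("style", "").lower().replace(" ", "")
        dims = []
        for name in ("width", "height"):
            v = _px(a.get(name))
            if v is None:  # fall back to an inline CSS declaration
                m = re.search(r"(?:^|;)%s:(\d+)" % name, style)
                v = int(m.group(1)) if m else None
            dims.append(v)
        tiny = any(d is not None and d <= MAX_HIDDEN_PX for d in dims)
        hidden = "display:none" in style or "visibility:hidden" in style
        if tiny or hidden:
            self.findings.append({"line": self.getpos()[0], "src": a.get("src", ""),
                                  "reason": "tiny" if tiny else "css-hidden"})

def find_hidden_iframes(html):
    """Return one finding per hidden iframe in the given HTML text."""
    finder = TinyIframeFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page for illustration; not the content of the real pages.
SAMPLE = """<html><body>
<iframe src="i.html" width="1" height="1"></iframe>
<iframe src="/video/embed" width="640" height="360"></iframe>
<iframe src="track.html" style="width: 0px; height: 0px; border: 0"></iframe>
<IFRAME SRC="x.html" style="visibility:hidden"></IFRAME>
</body></html>"""
```

Calling `find_hidden_iframes(SAMPLE)` reports the frames on lines 2, 4 and 5 and leaves the normally sized embed alone. Frames written into the page by script at load time are not visible to a static scan like this one.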
There’s good news for AVG users, as you are protected from each of these threats in a number of ways.
This report is by the AVG Threat Research Group