The Latest in IT Security

AVG Web Threat weekly update: US.gov site serving rogues, Flash updates and exploits

30 Mar 2012

AVG analysts spotted a script-injection hack on the website of the District of Columbia, USA. The malicious change to the web page takes visitors to a variety of malicious downloads.

The U.S. capital, Washington, is in the District of Columbia. The intruders put a script on the page that lists the D.C. “Directory of Agencies and Services.”

AVG has notified the US-CERT of the intruder attack.

The injected script looks like this.

[Image: script injection]

Users visiting the page with Internet Explorer are redirected to a fake scanning page:

[Image: fake Internet Explorer site]

Users visiting with Firefox are redirected to a fake Flash update:

[Image: fake Flash site]

The fake AV and fake Flash update pages download a file named scandsk.exe:

[Image: fake AV site]

The fake AV and fake Flash update pages also contain a 1×1 iframe with src="i.html" that loads an exploit page.

The “i.html” page loads a multisploit that uses PluginDetect to switch between the various malicious Java and malicious PDF files it serves to the victim.
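A site owner can check served pages for the kind of 1×1 iframe described above. The following is an added example, not code from AVG or from the original report: a static scan of HTML for iframes that are one pixel or smaller, or hidden by CSS. The function names and the sample markup are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# width/height declared in an inline style, e.g. "width:0px; height:1"
STYLE_DIM = re.compile(r"(?<![-\w])(width|height)\s*:\s*(\d+)\s*(?:px)?\s*(?:;|$)", re.I)
STYLE_HIDE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
ATTR_DIM = re.compile(r"(\d+)\s*(?:px)?", re.I)

class TinyIframeFinder(HTMLParser):
    """Records iframes that are at most max_px wide or high, or hidden by CSS."""
    def __init__(self, max_px=1):
        super().__init__()
        self.max_px = max_px
        self.findings = []  # (line number, src, reason)

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        attr = {name: (value or "") for name, value in attrs}
        dims = {}
        for name in ("width", "height"):  # presentational attributes
            m = ATTR_DIM.fullmatch(attr.get(name, "").strip())
            if m:
                dims[name] = int(m.group(1))
        style = attr.get("style", "")
        for name, value in STYLE_DIM.findall(style):  # inline CSS overrides attributes
            dims[name.lower()] = int(value)
        tiny = [f"{n}={v}" for n, v in sorted(dims.items()) if v <= self.max_px]
        if tiny:
            reason = "tiny: " + ", ".join(tiny)
        elif STYLE_HIDE.search(style):
            reason = "hidden by CSS"
        else:
            return
        self.findings.append((self.getpos()[0], attr.get("src", ""), reason))

def find_tiny_iframes(html, max_px=1):
    finder = TinyIframeFinder(max_px)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page; only the 1x1 iframe with src="i.html" mirrors the report.
SAMPLE = """<html><body>
<h1>Scanning your computer...</h1>
<iframe src="i.html" width="1" height="1"></iframe>
<iframe src="/video/embed" width="560" height="315"></iframe>
<iframe src="tracker.html" style="width:0px;height:0px"></iframe>
<iframe src="ad.html" style="display:none"></iframe>
</body></html>"""
```

A static scan like this only sees iframes present in the delivered markup; frames inserted at run time by an injected script need the rendered DOM to be inspected instead.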

There’s good news for AVG users, as you are protected from each of these threats in a number of ways.

This report is by the AVG Threat Research Group
