The Latest in IT Security

TSA website link leads to Blackhole exploit kit

01 Jun 2012

The AVG Web Threats research group has detected an obfuscated redirect on a page belonging to a vendor listed on the US Transportation Security Administration (TSA) website.

Visitors following the link on a TSA page were also served exploits via a Blackhole exploit kit. AVG personnel alerted TSA and the vendor to the problem and the link has been removed.

The TSA page at http://www.tsa.gov/travelers/airtravel/assistant/locks.shtm contained an image link to the “Travel Sentry” service at http://www.travelsentry.org/.

The company appears to be Swiss, judging by the whois contact information for its site.

Earlier in the day the injected script was different, though still detected by AVG, and led to http://walksquestionmark.in/404notfound.

Both of these exploit sites served up a packed script that redirected to a second packed script: an MDAC exploit which attempts to download and run an executable from the same server.

Obfuscated Blackhole script

AVG Web Threats Research Team
