The Latest in IT Security

TSA website link leads to Blackhole exploit kit


The AVG Web Threats research group has detected an obfuscated redirect on a page belonging to a vendor listed by the US Transportation Security Administration (TSA) web site.

Visitors following the link on a TSA page were also served exploits via a Blackhole exploit kit. AVG personnel alerted TSA and the vendor to the problem and the link has been removed.

 The TSA page at contained an image-link to “Travel Sentry” service at

The company appears to be Swiss judging by the whois contact information for its site.

Earlier in the day the injected script was different, though still detected by AVG, and led to

Both of these exploit sites served up a packed script that redirected to a second packed script: an MDAC exploit which attempts to download and run an executable from the same server.

Obfuscated Blackhole script

AVG Web Threats Research Team

Leave a reply


MONDAY, APRIL 06, 2020

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...



Latest Comments