U.S. Department of Labor Web Site Hacked, Serves Malware

AlienVault researchers are reporting that the U.S. Department of Labor's Site Exposure Matrices (SEM) Web site has been hacked and is serving malicious code (h/t E Hacking News).

According to the researchers, the malware collects system information and uploads it to a remote server -- the information collected includes version and OS details of the Java, Microsoft Office, Adobe Reader, and Flash software running on the system, and whether or not any of 11 different types of anti-virus software are running on the system.

"Some of the techniques used in this attack are very similar to the ones we identified a few months ago in an attack against a Thailand NGO Web site," writes AlienVault researcher Jaime Blasco.

The malware then exploits the Internet Explorer vulnerability CVE-2012-4792, downloads an additional malicious payload, and connects to a command and control server for further instructions.

"The C&C protocol matches with a backdoor used by a known Chinese actor called DeepPanda and described by CrowdStrike [PDF file]," Blasco writes.