Skip to comments.U.S. Treasury Site Compromise Linked to the NetworkSolutions Mass WordPress Blogs Compromise
Posted on 05/11/2010 12:15:07 AM PDT by Cindy
TUESDAY, MAY 04, 2010
"U.S. Treasury Site Compromise Linked to the NetworkSolutions Mass WordPress Blogs Compromise"
SNIPPET: "UPDATED: Saturday, May 08, 2010: 5 new domains have been introduced by the same gang, once again parked at 188.8.131.52, AS49981, WorldStream."
(Excerpt) Read more at ddanchev.blogspot.com ...
“US Treasury Web sites hacked, serving malware”
By Robert McMillan
May 4, 2010 06:03 AM
SNIPPET: “IDG News Service - Three Web sites belonging to the U.S. Department of the Treasury have been hacked to attack visitors with malicious software, security vendor AVG says.”
SNIPPET: “According to Thompson, hackers had added a small snippet of virtually undetectable iframe HTML code that redirected visitors to a Web site in Ukraine that then launched a variety of Web-based attacks based on a commercially available attack-kit called the Eleonore Exploit pack.
The Ukrainian Web site was associated with similar attacks in the past. Those attacks targeted a handful of known software bugs, including flaws in Adobe’s Reader software.”
We really need to send some people over to go kinetic on those guys -- just a whole bunch of them, all at once.
Yeah well it wasn’t just the Govt sites that got hit. ALL of the sites I host on their servers were similarly infected. Every index.html or similar “Default” web page on the server seemed to be infected and had to be replaced with clean code. I spent 2 hours on hold waiting to hear what happened and never did get a straight answer from Network Solutions as to how they got compromised. It appeared to me that MANY of their shared hosting systems had been hit and from the volume of tech support calls they were getting according to the tech I spoke with eventually, it might have been an entire hosting farm.
I’m sorry you experienced that situation, gtwizard.
More information regarding other sites that hit in the article posted in post no. 1 and also here: