Free Republic
Browse · Search
Bloggers & Personal
Topics · Post Article

Skip to comments.

U.S. Treasury Site Compromise Linked to the NetworkSolutions Mass WordPress Blogs Compromise
DANCHO DANCHEV - Blog ^ | May 4, 2010; Updated May 8, 2010 | Posted by Dancho Danchev

Posted on 05/11/2010 12:15:07 AM PDT by Cindy

TUESDAY, MAY 04, 2010

"U.S. Treasury Site Compromise Linked to the NetworkSolutions Mass WordPress Blogs Compromise"

SNIPPET: "UPDATED: Saturday, May 08, 2010: 5 new domains have been introduced by the same gang, once again parked at 217.23.14.14, AS49981, WorldStream."

(Excerpt) Read more at ddanchev.blogspot.com ...


TOPICS: Computers/Internet; Government; History; Reference
KEYWORDS: blogs; internet; malicioussoftware; malware; networksolutions; scareware; treasury; treasurydepartment; treasurydotgov; ustreasury; website; wordpress; worldstream

1 posted on 05/11/2010 12:15:07 AM PDT by Cindy
[ Post Reply | Private Reply | View Replies]

To: All

Previously...

http://www.computerworld.com/s/article/9176278/US_Treasury_Web_sites_hacked_serving_malware

“US Treasury Web sites hacked, serving malware”
By Robert McMillan
May 4, 2010 06:03 AM

SNIPPET: “IDG News Service - Three Web sites belonging to the U.S. Department of the Treasury have been hacked to attack visitors with malicious software, security vendor AVG says.”

SNIPPET: “According to Thompson, hackers had added a small snippet of virtually undetectable iframe HTML code that redirected visitors to a Web site in Ukraine that then launched a variety of Web-based attacks based on a commercially available attack-kit called the Eleonore Exploit pack.

The Ukrainian Web site was associated with similar attacks in the past. Those attacks targeted a handful of known software bugs, including flaws in Adobe’s Reader software.”


2 posted on 05/11/2010 12:26:23 AM PDT by Cindy
[ Post Reply | Private Reply | To 1 | View Replies]

To: Cindy
This has got to be Leo Kuvayev's bunch again ..... the "Russian Business Network" gang.

We really need to send some people over to go kinetic on those guys -- just a whole bunch of them, all at once.

3 posted on 05/11/2010 12:53:18 AM PDT by lentulusgracchus
[ Post Reply | Private Reply | To 2 | View Replies]

To: Cindy

Yeah well it wasn’t just the Govt sites that got hit. ALL of the sites I host on their servers were similarly infected. Every index.html or similar “Default” web page on the server seemed to be infected and had to be replaced with clean code. I spent 2 hours on hold waiting to hear what happened and never did get a straight answer from Network Solutions as to how they got compromised. It appeared to me that MANY of their shared hosting systems had been hit and from the volume of tech support calls they were getting according to the tech I spoke with eventually, it might have been an entire hosting farm.


4 posted on 05/11/2010 2:37:34 AM PDT by gtwizard (Just the facts jack)
[ Post Reply | Private Reply | To 1 | View Replies]

To: gtwizard

I’m sorry you experienced that situation, gtwizard.


5 posted on 05/11/2010 2:38:59 AM PDT by Cindy
[ Post Reply | Private Reply | To 4 | View Replies]

To: gtwizard

More information regarding other sites that hit in the article posted in post no. 1 and also here:

http://blog.sucuri.net/2010/05/new-infections-today-at-network.html


6 posted on 05/11/2010 2:42:04 AM PDT by Cindy
[ Post Reply | Private Reply | To 4 | View Replies]

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
Bloggers & Personal
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson