Original URL: http://www.theregister.co.uk/2013/05/01/dol_website_hack_malware/

US Labor Dept website serving malware to innocent visitors

Blag bears signature of notorious Chinese DeepPanda

By Team Register

Posted in Security, 1st May 2013 16:27 GMT

The US Department of Labor's website has been hacked and malicious code stuck behind the scenes, security tools firm AlienVault says.

Since yesterday, the DoL site has been serving out malicious code that installs malware on unsuspecting users' computers, AlienVault's labs director Jaime Blasco told The Register.

The DoL said that it was working on the problem, but had no other comment on the hack.

Browsers execute a script from a malicious server when folks visit the affected site, the DoL's Site Exposure Matrices microsite. The infected script collects information including Flash versions, PDF plugins and MS Office versions from users' systems. Captured data is then uploaded to the hackers' server, AlienVault discovered.

The malware also checks if the target's system is running antivirus programs like McAfee, AVG or Sophos. If it detects the popular Bitdefender free antivirus program, the malware will try to deactivate the AV suite.

"Some of the techniques used in this attack are very similar to the ones we identified a few months ago in an attack against a Thailand NGO website," Blasco said in a blog post.

The command-and-control protocol matches a backdoor used by a known Chinese hacker called DeepPanda.

AlienVault said it was still investigating the attack. ®