US Treasury websites hacked, serving malware

Visitors redirected to a website in the Ukraine

Three websites belonging to the US Department of the Treasury have been hacked to attack visitors with malicious software, security vendor AVG says.

AVG researcher Roger Thompson discovered the issue on Monday on three web domains associated with the home page of the US Bureau of Engraving and Printing. As of late Monday, all three websites were still actively serving malicious software and the Bureau of Engraving and Printing website should be avoided until it's clear that they've been cleaned up, Thompson says.

Although the Treasury Department could not be reached for comment, IT staff there appear to be aware of the problem. On Tuesday morning, all three sites had apparently been taken offline and were returning a "page not found" error.

According to Thompson, hackers had added a small snippet of virtually undetectable iframe HTML code that redirected visitors to a website in the Ukraine that then launched a variety of web-based attacks based on a commercially available attack-kit called the Eleonore Exploit pack.

The Ukrainian website was associated with similar attacks in the past. Those attacks targeted a handful of known software bugs, including flaws in Adobe's Reader software.

The Bureau of Engraving and Printing provides information on US currency — how to identify counterfeit bills for example — and just two weeks ago had used its website to promote the newly redesigned US$100 bill.

It's not clear how hackers managed to install their malicious code on the Treasury Department's websites.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Security ID

Show Comments