Home » News » Computer Security » US Treasury Website Compromised

US Treasury Website Compromised

By Bryan on May 5, 2010 | Computer Security, Treasury, bep.gov, bep.treas.gov, moneyfactory.gov, malicious iframe, Eleonore Exploit Kit, Adobe Reader, Flash, Internet Explorer, BEP US Treasury Website Compromised

Recently few websites of US Treasury Department were compromised. Victims that visited sites, such as, bep.gov, bep.treas.gov, moneyfactory.gov, were loaded with a hidden iframe containing exploit code - reported Websense .

This malicious iframe loads from email gr[REMOVED]ad.com which immediately hijacks to si[REMOVED]e-g.com/jobs which is the where the achievements are hosted.

Malicious iframe promotes the Eleonore Exploit Kit that is used which has support for several flaws in Adobe Reader, Flash, Internet Explorer and etc. The thing is that only 20% of all AV merchant have detected the file.

On Tuesday Treasury issued the following statement: “The Bureau of Engraving and Printing (BEP) entered the cloud computing arena last year. The hosting company used by BEP had an intrusion and as a result of that intrusion, numerous websites (BEP and non-BEP) were affected. On May 3, the Treasury Government Security Operations Center was made aware of the problem and subsequently notified BEP. BEP has four Internet address URLs all pointing to one public website. Those URLs are; BEP.gov; BEP.treas.gov; Moneyfactory.gov and Moneyfactory.com”

More Computer Security news

39 flaws are fixed by Apple

39 flaws are fixed by Apple

Apple released OS X Lion 10.7.4 in order to fix 35 security holes as well as 4 vulnerabilities in the Safari web browser. The problem with Time Machine in OS X Lion is fixed with the new update. These flaws could enable a remote attacker to access a user's backup credentials. An issue is solved with Directory Service which could allow exposing sensitive data by the attacker. Read more.


News categories

Latest news

Related news