Hacked .gov websites
A couple of days ago, our SearchShield intelligence network noticed a
bunch of .gov sites serving malware via drive-by download exploits and
social engineering. The front pages of the .gov sites are seemingly not
hacked themselves, but they're hosting pages that serve it. We've
identified about a dozen poisoned sites so far, though we expect there
are many more related to this hack. The first dozen or so seem to be city governments such as lasalle, il and frenchsettlement-la.
The attacking pages seem to try one of three things. First they try an
exploit to install their malware. If that doesn't work, they try to
trick you into installing a fake codec. If that doesn't work either, they
run a fake antispy scan and try to convince you that your machine is
already compromised, but their software can fix it... just click the
We've made a video about it, and it's on YouTube here ...
with a hi-res .mov here...
These particular pages were detected with adult/XXX type queries, but many innocent searches also return the sites.
We'll add more details in this blog as we go.