US Treasury Web sites hacked, serving malware, reports AVG

AVG reports that “a couple of treas.gov websites were hacked, and were reaching out to an attack site in Ukraine. The websites involved were bep.gov (Bureau of Engraving and Printing), bep.treas.gov and moneyfactory.gov. They had been script injected with the line of code circled in red (see pic). The Ukrainian website known for similar attacks, […]

AVG reports that “a couple of treas.gov websites were hacked, and were reaching out to an attack site in Ukraine. The websites involved were bep.gov (Bureau of Engraving and Printing), bep.treas.gov and moneyfactory.gov. They had been script injected with the line of code circled in red (see pic). The Ukrainian website known for similar attacks, was using a commercially available malware distribution tool called Eleonore Exploit Pack to infect users' machines. The methodology of the infection of the website is currently unknown, but users are warned to stay away from the website until sufficient corrective actions are taken. Btw, you should _not_ mess with the attack site (grepad) ... it was dead earlier today, but could easily come back to life,” reports AVG.

[Source]