Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Malicious iFrame on US Treasury and other sites? - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Malicious iFrame on US Treasury and other sites?

We have received a number of emails from readers pointing us to news articles indicating that the US Treasury is in the process of cleaning up malicious iFrame that have infected a number of their sites.  We have also received one report that this particular iFrame redirect has also been found at other sites and that perhaps this may be another registrar related compromise.

If anyone has any further information on whether or not this is bigger than just the US Treasury, we would love to hear it. 

As usual you can send us feedback through the comments to this diary, or via our contact page.


-- Rick Wanner - rwanner at isc dot sans dot org


324 Posts
ISC Handler
May 4th 2010
Shameless plug:

A video + screenshot:

Jay @ Websense Security Labs
We must all do our part to protect the web beginning with military sites, then commerce and continue on the way down the chain of command. Anyway, here are some helpful information from others on the attack.

13 Posts
I have read that the potential I-frame exploit took advantage of a count meter that was run by a 3rd party on the websites. Is there any truth that this is how the website(s) were able to be exploited. In addition do any of you know if and when Microsoft will release a *.pdf reader. I thank everyone who is working hard here to get to the bottom of these issues.

13 Posts

Sign Up for Free or Log In to start participating in the conversation!