The Tech Herald

USPS website hit by Blackhole Exploit Kit

by Steve Ragan - Apr 8 2011, 02:05

Researchers at Zscaler have uncovered a Blackhole Kit attack carried out against the U.S. Postal Service’s Rapid Information Bulletin Board System (RIBBS). This is the second Blackhole Kit attack discovered this week, after another was spotted on the website for the Houston International Film Festival on Monday.

The Blackhole Kit, which was developed in Russia, costs about $1,500 USD annually for anyone who wants to deploy it, with discounts for six-month and quarterly usage. Described as powerful, the kit includes payloads that target vulnerabilities in Java and Adobe PDF. Upgrades to the code make detection harder as the developers add more obfuscation and encryption to the packages.

The USPS attack focused on the RIBBS sub-domain that deals with Intelligent Mail services such as the use of barcodes for better tracking and logistics. Breaking down the attack, Zscaler noted that it followed patterns set previously by the Blackhole Kit by using staging to infect the victim’s machine.

First, the attack starts with an iframe injected into a legitimate site. This injected code then draws from another domain, which redirects victims to the third stage. There, the attack scans the visitor's system and looks for signs of Java or ActiveX before delivering the appropriate payloads.

Again, this is the same process used during the attack on the Houston International Film Festival, and in both cases legitimate domains were used to initiate the attack and propagate it at each step of the way.

“Yet again, we have a legitimate website with a significant user base being used as a catalyst for attack. Combine that with an abysmal detection rate on the malicious payloads by desktop AV, the first and often only line of client side defense for many enterprises, and we have a potent attack that has no doubt affected many end users,” Zscaler’s Michael Sutton noted.

As this story was posted, the USPS had taken down the RIBBS domain while it works to clean out the infection.
