No one knew about this and AlienVault tells the Truth about that website that how US Labor website redirect users to Malicious code.
AlienVault Director Jaime Blasco said:
This is a watering hole attack, where attackers infect websites they know their targets visit regularly. US government officials could well be a target, he said, noting how the eventual aim is to get a backdoor on the victims’ machines to execute whatever malicious code they want
As you can see in the following UrlQuery report the website is including code from the malicious server dol[.]ns01[.]us:
What will happen after visiting the Site?
Also checks the Antivirus solution on the Systems including:
- Avira
- Bitdefender
- AVG
- ESET
- Avira
- Dr. Web, Sophos
- F-Secure
- Kaspersky.
Once the information is collected and sent to a remote location, a malicious payload is downloaded by exploiting what appears to be CVE-2012-4792, an Internet Explorer vulnerability Microsoft in January.
The payload is currently detected by 13 of the 46 antivirus engines used by VirusTotal.
Experts have found that the command and control communication protocol used by the malware is the same as the one used by a known Chinese entity dubbed “DeepPanda.”
Now the Site has been taken offline and will be kept offline until Investigation team is working on that.
For Latest Updates Subscribe to our Newspaper
