Malicious activity in US government’s Department of Labor website uncovered by AlienVault Labs, it is compromised by Chinese Hackers known as Deep Panda or any individual Group.

No one knew about this and AlienVault tells the Truth about that website that how US Labor website redirect users to Malicious code.


US Labor Department Website- (





AlienVault Director Jaime Blasco said:

This is a watering hole attack, where attackers infect websites they know their targets visit regularly. US government officials could well be a target, he said, noting how the eventual aim is to get a backdoor on the victims’ machines to execute whatever malicious code they want


As you can see in the following UrlQuery report the website is including code from the malicious server dol[.]ns01[.]us:

Once you visit the website the following file is included:
www[.]sem[.]dol[.]gov/scripts/textsize.js that contains the following code:
contains the following code

What will happen after visiting the Site?

When user will visit, that Malicious code will execute that you can see the image above , code is designed to breach into the system and take over all the Information like which version of Flash, Java, Microsoft Office and Acrobat Reader are running.

Also checks the Antivirus solution on the Systems including:

  • Avira
  • Bitdefender
  • AVG
  • ESET
  • Avira
  • Dr. Web, Sophos
  • F-Secure
  • Kaspersky. 


Once the information is collected and sent to a remote location, a malicious payload is downloaded by exploiting what appears to be CVE-2012-4792, an Internet Explorer vulnerability Microsoft in January.

The payload is currently detected by 13 of the 46 antivirus engines used by VirusTotal.

Experts have found that the command and control communication protocol used by the malware is the same as the one used by a known Chinese entity dubbed “DeepPanda.”


Now the Site has been taken offline and will be kept offline until Investigation team is working on that.


For Latest Updates Subscribe to our Newspaper

Follow us on FacebookTwitter and Google+




This site uses Akismet to reduce spam. Learn how your comment data is processed.