
Malware hits USPS website, 'whistleblower' blog


Attackers managed to compromise a website of the United States Postal Service (USPS), but may have gone one step further, as a blog detailing the attack also seems to have been compromised.

Search engine Google was still warning users that the USPS' National Customer Support Center (ribs.usps.gov) "may harm your computer" as of Friday afternoon (Manila time). But a blog that warned of the attack may have also been compromised, apparently hit by a JavaScript attack.

An article in PC Magazine quoted researchers at Zscaler, who discovered the compromise at the USPS website, as saying the attackers may have used the Black Hole Exploit Kit. Zscaler's researchers tracked the attack, which used JavaScript in the USPS page to redirect users to another site, which would then redirect users again to a third site.

The PCMag article said that the attack has already been nullified. "While the exploit was active, visitors attempting to reach the USPS National Customer Support Center wouldn't have seen any of this. Instead, they would have gotten what appeared to be a standard 404 'not found' error page," it said.

However, going to the Zscaler blog post that the PCMag story referred to would trigger an antivirus alert. At least one antivirus program would block the Zscaler blog address, identifying the infection as JS:ScriptDC-inf [Trj].

The website ScanForFree defines JS:ScriptDC-inf as a Trojan that uses the Windows FTP (file transfer protocol) client to download other executable trojan programs without your knowledge or permission.

"JS:ScriptDC-inf may stay veiled from security software by attaching itself to running processes in task manager. JS:ScriptDC-inf may spread via adult and freeware content websites, through corrupt e-mail attachments or through multimedia updates," it said.

It added that JS:ScriptDC-inf is a serious risk to one's computer and that removing it as soon as possible is recommended. — TJD, GMA News