Hacking of U.S. Department of Labor Website Has Been Fixed

You’ve probably already heard that the U.S. Department of Labor’s website was recently hacked, which is true; however, it was a microsite, a subdomain of the Department’s main website that runs off a different server, that was rigged to serve up the malware. The website that was affected is www.sem.dol.gov. It’s been offline since May 2nd.

A Site Exposure Matrix or SEM is an archive of information on substances that are designated as toxic, and are often found on Department of Energy sites, or locations where radiation exposure could exist. The “site” in the name is not referring to websites, but to worksites.

Many theories have been proposed that the radiation-related nature of the SEM website means the hack was a targeted attack. However, it’s also possible that the site was attacked because it’s more vulnerable than other parts of the Department of Labor website.

The hacker used a malicious JavaScript file that forced a browser to download a file named bookmark.png, which sounds like an image file to the average user, but in reality it’s a Windows program that can’t run by itself due to the first byte being altered.

Typically, a browser won’t do anything other than simply download the offending file, but the JavaScript uses a function called helo() (pictured below) that triggers the CVE-2012-4792 remote code execution vulnerability found in Internet Explorer.

The hacker attempts to run the downloaded malware program by tricking your browser into skipping security checks, causing the download to start without asking you first. It seems as though the exploit has borrowed both the concept and code from a Metasploit module that is publicly available. However, if you’ve recently patched Windows or you’re using Internet Explorer 9 or 10, then you’re probably safe, because the patch decreases your vulnerability and the file should cause no harm to your system.

The attack also used a malicious script file that includes anti-anti-virus techniques, in which the attacker attempts to avoid detection by interfering with one or more anti-virus tools you might be running; if you’re using BitDefender, the script can connect to the local web console and reconfigure the product.
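The disguised bookmark.png download described above can be caught on the defensive side by checking content against the claimed file type. The following is an added example, not code from the original article or the attack: a heuristic that flags image-named downloads whose bytes carry Windows executable (PE) structure, even when the leading "MZ" magic has been altered. The function names and sample byte strings are constructed for illustration.

```python
import struct

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
IMAGE_EXTS = (".png", ".jpg", ".jpeg", ".gif")

def classify(data: bytes) -> str:
    """Return 'png', 'pe', 'masked-pe' or 'unknown' for a downloaded blob."""
    if data.startswith(PNG_MAGIC):
        return "png"
    if len(data) < 0x40:            # too short to hold a DOS header
        return "unknown"
    # Offset 0x3C of the DOS header (e_lfanew) points at the "PE\0\0" signature.
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "unknown"
    if data[:2] == b"MZ":
        return "pe"
    # PE signature is where the header says it is, but the magic is damaged:
    # consistent with a program whose first byte was altered to hide it.
    return "masked-pe"

def is_disguised_executable(filename: str, data: bytes) -> bool:
    """True when an image-named download carries PE structure instead."""
    return (filename.lower().endswith(IMAGE_EXTS)
            and classify(data) in ("pe", "masked-pe"))

def _sample_pe_header() -> bytes:
    # Constructed sample: a header skeleton only, not a runnable program.
    hdr = bytearray(0x100)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)
    hdr[0x80:0x84] = b"PE\0\0"
    return bytes(hdr)

SAMPLE_PE = _sample_pe_header()
SAMPLE_MASKED = b"\x00" + SAMPLE_PE[1:]      # first byte altered
SAMPLE_PNG = PNG_MAGIC + b"\x00" * 0x100     # genuine PNG signature

if __name__ == "__main__":
    for label, blob in [("real png", SAMPLE_PNG), ("plain pe", SAMPLE_PE),
                        ("masked pe", SAMPLE_MASKED)]:
        print(label, classify(blob), is_disguised_executable("bookmark.png", blob))
```

A check like this belongs in a web proxy or mail gateway content filter, where the file extension and Content-Type header cannot be trusted.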

Technology security is crucial to your Houston business. You must take the right steps to ensure all your business information, websites and any other communication tools are safeguarded. Do you have a business technology security plan? If not, our Houston IT service team can help design and implement a tech security plan that fits your business. Contact us today.
