Three websites belonging to the US Department of the Treasury have been hacked to attack visitors with malicious software, security vendor AVG says.
AVG researcher Roger Thompson discovered the issue Monday on three web domains associated with the home page of the US Bureau of Engraving and Printing. As of late Monday, all three websites were still actively serving malicious software and the Bureau of Engraving and Printing website should be avoided until it's clear that they've been cleaned up, Thompson said in an interview via instant message.
Although the Treasury Department could not be reached for comment, IT staff there appear to be aware of the problem. On Tuesday morning, all three sites had apparently been taken offline and were returning a "page not found" error.
According to Thompson, hackers had added a small snippet of virtually undetectable iframe HTML code that redirected visitors to a website in the Ukraine that then launched a variety of web-based attacks based on a commercially available attack-kit called the Eleonore Exploit pack.
The Ukrainian website was associated with similar attacks in the past. Those attacks targeted a handful of known software bugs, including flaws in Adobe's Reader software.
The Bureau of Engraving and Printing provides information on US currency - how to identify counterfeit bills for example - and just two weeks ago had used its website to promote the newly redesigned US$100 bill.
It's not clear how hackers managed to install their malicious code on the Treasury Department's websites.