AVG analysts spotted a script-injection hack on the website of the District of Columbia, USA. The malicious change to the web page takes visitors to a variety of malicious downloads.

Washington, the US capital, is in the District of Columbia. The intruders put a script on the page that lists the D.C. “Directory of Agencies and Services.”

AVG has notified US-CERT of the attack.

[Image: District of Columbia .gov website]

The injected script looks like this. 

[Image: script injection]

Visitors using Internet Explorer are redirected to a fake scanning page:

[Image: fake Internet Explorer site]

Visitors using Firefox are redirected to a fake Flash update:

[Image: fake Flash site]

The fake AV and fake Flash update pages download a file named scandsk.exe:

[Image: fake AV site]

The fake AV and fake Flash update pages also contain a 1×1 iframe with src="i.html" that loads an exploit.

The “i.html” page loads a multisploit that uses PluginDetect to switch between various malicious Java and malicious PDF files to be served to the victim.
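For site owners auditing their own pages, the 1×1 iframe described above is a pattern that can be checked for mechanically. The following is an added example, not code from AVG or from the incident: it flags iframes that are at most a couple of pixels wide or high, or hidden by inline style. The function and class names and the sample markup are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Inline-style width/height in pixels, e.g. "width:1px" (ignores max-width etc.)
_STYLE_DIM = re.compile(r"(?<![\w-])(width|height)\s*:\s*(\d+)(?:px)?\s*(?:;|$)", re.I)
_STYLE_HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

def _dim(value):
    """Return the leading integer of an attribute such as '1' or '1px', else None."""
    m = re.match(r"\s*(\d+)", value or "")
    return int(m.group(1)) if m else None

class HiddenIframeFinder(HTMLParser):
    """Collects iframes that are <= max_px in either dimension or hidden by style."""
    def __init__(self, max_px=2):
        super().__init__()
        self.max_px = max_px
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        dims = {"width": _dim(a.get("width")), "height": _dim(a.get("height"))}
        style = a.get("style", "")
        for name, val in _STYLE_DIM.findall(style):
            dims[name.lower()] = int(val)  # inline style overrides the attribute
        tiny = any(v is not None and v <= self.max_px for v in dims.values())
        if tiny or _STYLE_HIDDEN.search(style):
            line, _ = self.getpos()
            self.findings.append({"line": line, "src": a.get("src", ""), **dims})

def find_hidden_iframes(html, max_px=2):
    """Return one dict per suspicious iframe found in the HTML text."""
    finder = HiddenIframeFinder(max_px)
    finder.feed(html)
    return finder.findings

# Constructed sample page (not the markup from the incident).
SAMPLE = """<html><body>
<h1>Update required</h1>
<iframe src="https://video.example/embed/1" width="560" height="315"></iframe>
<iframe src="i.html" width="1" height="1" frameborder="0"></iframe>
<iframe src="t.html" style="width:0px; height:0px"></iframe>
</body></html>"""

if __name__ == "__main__":
    for finding in find_hidden_iframes(SAMPLE):
        print(finding)
```

A hit is a prompt for review rather than proof of compromise, since some legitimate widgets also use tiny or hidden frames.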

There’s good news for AVG users, as you are protected from each of these threats in a number of ways.

This report is by the AVG Threat Research Group