Government Security News and 60 Other Websites Hacked, Abused to Serve Malware

Java vulnerabilities exploited to push the ZeroAccess Trojan

Earlier this week, Government Security News (GSN) took down its website after identifying a piece of malware on it. Visitors of the site had been served malicious code from a known malware distributor.

After investigating the incident, Zscaler experts found that at least 65 websites had been compromised, some as early as June 13.

Researchers discovered that the attack had three steps. In the first step, malicious advertisements from were injected into the sites.

Then, victims were redirected to domains such as,, and, which delivered a malicious .jar file.

This .jar file is designed to exploit two known Java vulnerabilities in an effort to download the notorious ZeroAccess Trojan onto the victims’ computers.

Zscaler has notified all the impacted websites of the incident. GSN has confirmed that its website is now clean.

Hot right now  ·  Latest news