AlienVault experts are currently analyzing the attack

May 1, 2013 14:49 GMT

AlienVault experts are currently analyzing an attack on the website of the US Department of Labor (dol.gov). 

According to the security firm, when users visit the Department of Labor website, a script is executed. This script is designed to probe the victim’s computer to see what versions of Flash, Java, Microsoft Office and Acrobat Reader are running.

It also checks for the presence of several antivirus solutions, including ones from Avira, Bitdefender, AVG, ESET, Dr. Web, Sophos, F-Secure and Kaspersky.

Once the information is collected and sent to a remote location, a malicious payload is downloaded by exploiting what appears to be CVE-2012-4792, an Internet Explorer vulnerability addressed by Microsoft in January.

The payload is currently detected by 13 of the 46 antivirus engines used by VirusTotal.

Experts have found that the command and control communication protocol used by the malware is the same as the one used by a known Chinese entity dubbed “DeepPanda.”

Update. Several security firms have analyzed the attack. It turns out that the vulnerability abused in this watering hole attack is actually an Internet Explorer 8 zero-day.