USPS RIBBS Customer Support Center Site Hit With Malware

According to a Zscaler Research update (04/07/2011 10:03am PST), USPS officials have taken the http://ribbs.usps.gov web site down to address the infection.

A United States Postal Service website (http://ribbs.usps.gov) has been infected with the Blackhole Exploit kit. As we’ve discussed previously, the Blackhole Exploit kit, a commercial exploit kit developed by Russian hackers, is being seen in an increasing number of attacks.

The US Postal Service’s National RIBBS Customer Support Center has been hit with malware: visiting ribbs.usps.gov now produces a browser warning that the site “may harm your computer.”

According to Google’s diagnostic page for ribbs.usps.gov:

What is the current listing status for ribbs.usps.gov?

Site is listed as suspicious – visiting this web site may harm your computer.

Part of this site was listed for suspicious activity 2 time(s) over the past 90 days.

What happened when Google visited this site?

Of the 103 pages we tested on the site over the past 90 days, 7 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2011-04-07, and the last time suspicious content was found on this site was on 2011-04-07. Malicious software includes 6 scripting exploit(s), 6 exploit(s). Successful infection resulted in an average of 1 new process(es) on the target machine.

Malicious software is hosted on 7 domain(s), including oldschool.vv.cc/, winupdateserver.su/, hdd1.ru/.

2 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including hdd1.ru/, learningtogether.net/.

This site was hosted on 1 network(s) including AS7018 (ATT)

Has this site acted as an intermediary resulting in further distribution of malware?

Over the past 90 days, ribbs.usps.gov did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?

No, this site has not hosted malicious software over the past 90 days.

How did this happen?

In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the
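As an added check (example code written for this page, not code from the post, from Zscaler or from USPS): given a saved copy of a page, flag every script, iframe, frame, embed or object reference that points at one of the domains the diagnostic report lists, at any host outside the site and its allowlist, or at a zero-size or hidden frame. The sample HTML, the allowlist entry and the hidden-frame heuristic are constructed for the demonstration and are assumptions about the injection style, since the page does not show the code that was actually injected into RIBBS.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domains the Google diagnostic report quoted above names as hosting malware
# or acting as intermediaries for visitors of ribbs.usps.gov.
REPORTED_DOMAINS = frozenset({
    "oldschool.vv.cc",
    "winupdateserver.su",
    "hdd1.ru",
    "learningtogether.net",
})

# Tags (and the attribute carrying the URL) that make a browser fetch or
# frame remote content with no user action: the injection points an
# exploit-kit redirector needs.
LOADING_TAGS = {
    "script": "src",
    "iframe": "src",
    "frame": "src",
    "embed": "src",
    "object": "data",
}


class RemoteRefCollector(HTMLParser):
    """Collect (tag, url, attrs) for every auto-loading reference in a page."""

    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        attr_name = LOADING_TAGS.get(tag)
        if attr_name is None:
            return
        attr_map = {k: (v or "") for k, v in attrs}
        url = attr_map.get(attr_name, "").strip()
        if url:
            self.refs.append((tag, url, attr_map))


def host_of(url):
    """Hostname for absolute or protocol-relative URLs; '' for same-origin paths."""
    return urlparse(url).netloc.split("@")[-1].split(":")[0].lower()


def matches(host, domains):
    """True if host is one of the domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)


def looks_hidden(attrs):
    """Heuristic (assumed, not from the page) for 0x0 / display:none frames."""
    style = re.sub(r"\s+", "", attrs.get("style", "")).lower()
    tiny = {attrs.get("width", ""), attrs.get("height", "")} & {"0", "1"}
    return "display:none" in style or "visibility:hidden" in style or bool(tiny)


def audit_page(html, site_host, allowlist=frozenset()):
    """Return findings for references that leave the site or hit reported domains."""
    collector = RemoteRefCollector()
    collector.feed(html)
    findings = []
    for tag, url, attrs in collector.refs:
        host = host_of(url)
        reasons = []
        if matches(host, REPORTED_DOMAINS):
            reasons.append("reported-malware-domain")
        if host and not matches(host, {site_host} | set(allowlist)):
            reasons.append("unexpected-third-party")
        if tag in ("iframe", "frame") and looks_hidden(attrs):
            reasons.append("hidden-frame")
        if reasons:
            findings.append({"tag": tag, "url": url, "host": host, "reasons": reasons})
    return findings


# Constructed sample page (not the real RIBBS HTML): a normal page plus two
# injected references of the kind the diagnostic report describes.
SAMPLE_HTML = """
<html><head>
<script src="/js/site.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.5.1/jquery.min.js"></script>
</head><body>
<h1>RIBBS Customer Support Center</h1>
<iframe src="http://hdd1.ru/in.php" width="0" height="0" style="display:none"></iframe>
<script src="//learningtogether.net/js/s.js"></script>
</body></html>
"""

if __name__ == "__main__":
    # The allowlist entry is an assumption about what the site legitimately loads.
    for f in audit_page(SAMPLE_HTML, "ribbs.usps.gov", allowlist={"ajax.googleapis.com"}):
        print(f"{f['tag']:<7} {f['host']:<22} {', '.join(f['reasons'])}")
```

Run it against a crawl of your own site after a compromise report: the "unexpected-third-party" reason is the one that catches domains not yet on any blocklist, while the "reported-malware-domain" reason confirms the specific hosts Google named. Protocol-relative (`//host/...`) references are resolved the same way as absolute ones, since that form is common in injected tags.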