Site Exposure Matrices (sem.dol.gov), the sub-domain of the United States Department of Labor website is found to be hacked and infected with malicious code.
The Malware analysts at AlientVault Labs analyzed the page and found one of the javascript file is infected and loads malicious external javascript code.
The external script is designed to collect the following information from the victim's computer: Java version, Microsoft Office version, Adobe Reader version, flash version running on the system.
The script is also able to check the presence of the following antivirus : Avira, BitDefender, Mcafee, AVG, NOD32, Dr.Web,Microsoft Security Essentials, Sophos, Kaspersky and F-Secure.
The collected information is being send to the remote server and it serves the malicious code that attempts to exploit the Use-after-free vulnerability in Internet Explorer(CVE-2012-4792).
The Malware analysts at AlientVault Labs analyzed the page and found one of the javascript file is infected and loads malicious external javascript code.
The external script is designed to collect the following information from the victim's computer: Java version, Microsoft Office version, Adobe Reader version, flash version running on the system.
The script is also able to check the presence of the following antivirus : Avira, BitDefender, Mcafee, AVG, NOD32, Dr.Web,Microsoft Security Essentials, Sophos, Kaspersky and F-Secure.
According to their report, some of the techniques used in the attack resembled the previous exploit identified in the Thailand NGO website.
