Department of Labor Hacked

A Department of Labor sub-site appears to have been hacked, and the affected site distributed malware to the computers of people viewing the web pages. The "Site Exposure Matrices" page redirected viewers to pages which gathered information about the computer viewing the site, attempted to disable common AntiVirus packages, then attempted to run malware associated with the Chinese-linked DeepPanda operation.

The malware attempted to install command and control software on the PCs of people who were not patched to correct the vulnerability in the malware.

The site is used by people who are applying for job-related compensation for workers in the energy field.

UPDATE: People using the IE (Internet Explorer) 8 browser are vulnerable to the exploit on the DOL web site. A module exploiting this bug is available for Metasploit. It is not clear whether this will be patched in the next Microsoft patch round, but a patch is not available as of this writing. IE8 users are urged to update to a current, fully patched version of IE.

UPDATE: The May 13 patch round will include a fix for this vulnerability for IE 8. A temporary work-around has been provided by Microsoft as well.