WW
WASC Web Hacking Incidents Database
Mon, Apr 25, 2011 1:18 PM
*Entry Title: *WHID 2011-70: US Postal Service Website Hit With 'Blackhole'
Exploit
*WHID ID: *2011-70
*Date Occurred: *April 8, 2011
*Attack Method: *Unknown
*Application Weakness: *Improper Output Handling
*Outcome: *Planting of Malware
*Attacked Entity Field: *Retail
*Attacked Entity Geography: *
*Incident Description: *The US Postal Service website received an unwelcome
delivery this week of a new attack rapidly spreading among legitimate
websites. USPS became the latest victim of the so-called "Blackhole"
toolkit, a wildly popular website attack kit that's easy to use and provides
obfuscation features that help it evade antivirus detection.
*Mass Attack: *No
*Reference: *
http://www.darkreading.com/advanced-threats/167901091/security/attacks-breaches/229401258/us-postal-service-website-hit-with-blackhole-exploit.html
Attack Source Geography:
*Entry Title: *WHID 2011-70: US Postal Service Website Hit With 'Blackhole'
Exploit
*WHID ID: *2011-70
*Date Occurred: *April 8, 2011
*Attack Method: *Unknown
*Application Weakness: *Improper Output Handling
*Outcome: *Planting of Malware
*Attacked Entity Field: *Retail
*Attacked Entity Geography: *
*Incident Description: *The US Postal Service website received an unwelcome
delivery this week of a new attack rapidly spreading among legitimate
websites. USPS became the latest victim of the so-called "Blackhole"
toolkit, a wildly popular website attack kit that's easy to use and provides
obfuscation features that help it evade antivirus detection.
*Mass Attack: *No
*Reference: *
http://www.darkreading.com/advanced-threats/167901091/security/attacks-breaches/229401258/us-postal-service-website-hit-with-blackhole-exploit.html
*Attack Source Geography:*
