Is Philippine Bureau of Immigration website compromised, hosting malware?

According to Websense Security Labs™ and the Websense ThreatSeeker® Network, they have detected malicious emails disguised as HSBC Notifications.  A closer look at these emails, like the one you can see below, reveals that the link provided in the emails is a compromised URL belonging to the Philippine Bureau of Immigration.

Clicking the link prompts the user to download a malicious file called "atualizar.exe".

The Philippine Bureau of Immigration is using Joomla as their CMS and there is a file named “atualizar.php” which is a Portuguese word and translate to “update.php”. 

The file was probably replaced or inserted maliciously. This link “” if you hit it, the HTTP response status code is 302 which is the most common way of performing a redirection. It redirect to “” which probably contain the actual payload…


   2: [kramfs@viasvr temp]$ wget

   3: --2011-08-10 

   4: 17:15:03--

   5: Resolving 


   7: Connecting to 

   8:||:80... connected.

   9: HTTP request sent, 

  10: awaiting response... 302 Found

  11: Location: 

  12: [following]

  13: --2011-08-10 17:15:04--

  14: Reusing 

  15: existing connection to

  16: HTTP request sent, awaiting 

  17: response... No data received.

  18: Retrying.

  19: --2011-08-10 17:15:05-- (try: 2)

  20: Connecting 

  21: to||:80... connected.

  22: HTTP request sent, 

  23: awaiting response... 200 OK

  24: Length: 699460 (683K) 

  25: [application/x-msdos-program]

  26: Saving to: âatualizar.exeâ

  27: 100%[============================================================================>] 

  28: 699,460 63.4K/s in 12s

  29: 2011-08-10 17:15:17 (57.2 KB/s) - âatualizar.exeâ


Trend Micro flag this file as malicious….


You can find the VirusTotal analysis results for this .exe as it is detected by different AV solutions.

Source Reference: Websense Security Labs


  1. Pingback: Gutschein Weight Watchers

  2. Pingback: rahaa

  3. Pingback: Small Business

  4. Pingback: thank you

  5. Pingback: Raylene Mcanany

  6. Pingback: PayPal

  7. Pingback: Thanh Irizzary

  8. Pingback: the zone quotes

  9. Pingback: funny videos pictures

  10. Pingback: house trained dog

  11. Pingback: The Shade Room

  12. Pingback: small business social media

  13. Pingback: social media web 2.0

  14. Pingback: obchod

  15. Pingback: Like This

  16. Pingback: Automobile Engineering

  17. Pingback: Las mil y una noches

  18. Pingback: SoundCloud Plays Packages

  19. Pingback: Pok Shurts

  20. Pingback: Denver's funnest Photobooth

  21. Pingback: Pest Control

  22. Pingback: Geek sites

  23. Pingback: Chadwick Courchine

  24. Pingback: Plus Size Swimwear

  25. Pingback:

  26. Pingback:

  27. Pingback: Best Wordpress Child Themes

  28. Pingback: Professional Wordpress Child Themes for download

  29. Pingback: Najbolja bosanska rock muzika

  30. Pingback: Najbolja bosanska rock muzika

Leave a Comment

Your email address will not be published. Required fields are marked *