Is Philippine Bureau of Immigration website compromised, hosting malware?

According to Websense Security Labs™ and the Websense ThreatSeeker® Network, malicious emails disguised as HSBC notifications have been detected. A closer look at these emails, like the one you can see below, reveals that the link they contain is a compromised URL belonging to the Philippine Bureau of Immigration.

Clicking the link prompts the user to download a malicious file called "atualizar.exe".

The Philippine Bureau of Immigration uses Joomla as its CMS, and the site has a file named “atualizar.php”. “Atualizar” is Portuguese for “update”, so the name translates to “update.php”.

The file was probably replaced or inserted maliciously. If you request this link “”, the HTTP response status code is 302, which is the most common way of performing a redirection. It redirects to “”, which probably contains the actual payload:


    [kramfs@viasvr temp]$ wget
    --2011-08-10 17:15:03--
    Resolving
    Connecting to ||:80... connected.
    HTTP request sent, awaiting response... 302 Found
    Location: [following]
    --2011-08-10 17:15:04--
    Reusing existing connection to
    HTTP request sent, awaiting response... No data received.
    Retrying.
    --2011-08-10 17:15:05-- (try: 2)
    Connecting to||:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 699460 (683K) [application/x-msdos-program]
    Saving to: ‘atualizar.exe’
    100%[============================================================================>] 699,460 63.4K/s in 12s
    2011-08-10 17:15:17 (57.2 KB/s) - ‘atualizar.exe’
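A wget transcript like the one above can be triaged automatically. The following is an added example, not part of the original post: it parses a saved transcript into redirect hops (merging the retry) and flags a link that redirects and ends in a Windows executable. The host name, IP address and `/files/` path in the sample are constructed placeholders, since the post's URLs are not shown.

```python
import re
from urllib.parse import urlsplit

# Constructed transcript: host, IP and /files/ path are placeholders, not from the post.
SAMPLE_LOG = """\
--2011-08-10 17:15:03--  http://site.example/atualizar.php
Connecting to site.example|192.0.2.10|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://site.example/files/atualizar.exe [following]
--2011-08-10 17:15:04--  http://site.example/files/atualizar.exe
Reusing existing connection to site.example:80.
HTTP request sent, awaiting response... No data received.
Retrying.
--2011-08-10 17:15:05--  (try: 2)  http://site.example/files/atualizar.exe
Connecting to site.example|192.0.2.10|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 699460 (683K) [application/x-msdos-program]
"""

REQUEST = re.compile(r"^--[\d-]+ [\d:]+--\s+(?:\(try:\s*\d+\)\s+)?(\S+)")
STATUS = re.compile(r"awaiting response\.\.\. (\d{3})\b")
LENGTH = re.compile(r"^Length: (\d+)?.*\[([^\]]+)\]")
EXEC_TYPES = {"application/x-msdos-program", "application/x-msdownload",
              "application/x-dosexec"}

def parse_hops(log):
    """Return one dict per distinct URL requested, in order; retries are merged."""
    hops = []
    for line in log.splitlines():
        if m := REQUEST.match(line):
            if not hops or hops[-1]["url"] != m.group(1):
                hops.append({"url": m.group(1), "status": None, "type": None, "size": None})
        elif hops and (m := STATUS.search(line)):
            hops[-1]["status"] = int(m.group(1))
        elif hops and (m := LENGTH.match(line)):
            hops[-1]["size"] = int(m.group(1)) if m.group(1) else None
            hops[-1]["type"] = m.group(2).lower()
    return hops

def findings(hops):
    """Flag the two traits seen in the transcript: a 3xx hop and an executable body."""
    if not hops:
        return []
    out = []
    if any(h["status"] is not None and 300 <= h["status"] < 400 for h in hops):
        out.append("link redirects before serving content")
    if hops[-1]["type"] in EXEC_TYPES or urlsplit(hops[-1]["url"]).path.lower().endswith(".exe"):
        out.append("final response is a Windows executable")
    return out
```
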


Trend Micro flags this file as malicious.

You can find the VirusTotal analysis results for this .exe, which show how it is detected by different AV solutions.

Source Reference: Websense Security Labs

