Is Philippine Bureau of Immigration website compromised, hosting malware?

Websense Security Labs™ and the Websense ThreatSeeker® Network have detected malicious emails disguised as HSBC notifications. A closer look at these emails, like the one you can see below, reveals that the link provided in them is a compromised URL belonging to the Philippine Bureau of Immigration.

Clicking the link prompts the user to download a malicious file called "atualizar.exe".

The Philippine Bureau of Immigration uses Joomla as its CMS, and the site has a file named “atualizar.php”. “Atualizar” is a Portuguese word, and the name translates to “update.php”.

The file was probably replaced or inserted maliciously. If you request this link “”, the HTTP response status code is 302, which is the most common way of performing a redirection. It redirects to “”, which probably contains the actual payload:


    [kramfs@viasvr temp]$ wget
    --2011-08-10 17:15:03--
    Resolving
    Connecting to ||:80... connected.
    HTTP request sent, awaiting response... 302 Found
    Location: [following]
    --2011-08-10 17:15:04--
    Reusing existing connection to
    HTTP request sent, awaiting response... No data received.
    Retrying.
    --2011-08-10 17:15:05-- (try: 2)
    Connecting to ||:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 699460 (683K) [application/x-msdos-program]
    Saving to: ‘atualizar.exe’
    100%[============================================================================>] 699,460 63.4K/s in 12s
    2011-08-10 17:15:17 (57.2 KB/s) - ‘atualizar.exe’
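The pattern in the transcript above (a link to a .php page that answers 302 and ends in an executable download) can be checked mechanically when triaging reported links. The following is an added example, not part of the original post: the function name, the MIME and extension lists, and the sample transcript with its placeholder hosts and addresses are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed transcript: hosts and addresses are placeholders, not the incident's URLs.
SAMPLE = """\
--2011-08-10 17:15:03--  http://compromised.example.test/atualizar.php
Connecting to compromised.example.test|192.0.2.10|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://payload.example.test/atualizar.exe [following]
--2011-08-10 17:15:04--  http://payload.example.test/atualizar.exe
HTTP request sent, awaiting response... No data received.
Retrying.
--2011-08-10 17:15:05--  (try: 2)  http://payload.example.test/atualizar.exe
HTTP request sent, awaiting response... 200 OK
Length: 699460 (683K) [application/x-msdos-program]
"""

# Assumed lists of executable indicators; extend them for your environment.
EXEC_MIME = {"application/x-msdos-program", "application/x-msdownload",
             "application/x-dosexec", "application/vnd.microsoft.portable-executable"}
EXEC_EXT = (".exe", ".scr", ".com", ".pif")
REQ_RE = re.compile(r"^--[\d-]+ [\d:]+--[ \t]+(?:\(try:\s*\d+\)[ \t]+)?(\S+)", re.M)
STATUS_RE = re.compile(r"awaiting response\.\.\. (\d{3})")
MIME_RE = re.compile(r"^Length: .*\[([^\]]+)\]", re.M)

def analyze_wget_log(text):
    """Summarise a wget transcript and flag a page-like link that ends in an executable."""
    chain = []
    for url in REQ_RE.findall(text):
        if not chain or chain[-1] != url:   # a retry repeats the same URL
            chain.append(url)
    if not chain:
        return None
    mime_match = MIME_RE.search(text)
    mime = mime_match.group(1).lower() if mime_match else None
    first, last = urlsplit(chain[0]), urlsplit(chain[-1])
    is_exec = mime in EXEC_MIME or last.path.lower().endswith(EXEC_EXT)
    return {
        "chain": chain,
        "statuses": [int(s) for s in STATUS_RE.findall(text)],
        "content_type": mime,
        "redirected": len(chain) > 1,
        "cross_host": first.hostname != last.hostname,
        "delivers_executable": is_exec,
        # A link that looks like a page (.php, .html, no extension) but yields a binary.
        "suspicious": is_exec and not first.path.lower().endswith(EXEC_EXT),
    }

if __name__ == "__main__":
    for key, value in analyze_wget_log(SAMPLE).items():
        print(f"{key}: {value}")
```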


Trend Micro flags this file as malicious.


You can find the VirusTotal analysis results for this .exe, which show how it is detected by different AV solutions.

Source Reference: Websense Security Labs

