Is Philippine Bureau of Immigration website compromised, hosting malware?

According to Websense Security Labs™ and the Websense ThreatSeeker® Network, they have detected malicious emails disguised as HSBC Notifications.  A closer look at these emails, like the one you can see below, reveals that the link provided in the emails is a compromised URL belonging to the Philippine Bureau of Immigration.

Clicking the link prompts the user to download a malicious file called "atualizar.exe".

The Philippine Bureau of Immigration is using Joomla as their CMS and there is a file named “atualizar.php” which is a Portuguese word and translate to “update.php”. 

The file was probably replaced or inserted maliciously. This link “” if you hit it, the HTTP response status code is 302 which is the most common way of performing a redirection. It redirect to “” which probably contain the actual payload…


   2: [kramfs@viasvr temp]$ wget

   3: --2011-08-10 

   4: 17:15:03--

   5: Resolving 


   7: Connecting to 

   8:||:80... connected.

   9: HTTP request sent, 

  10: awaiting response... 302 Found

  11: Location: 

  12: [following]

  13: --2011-08-10 17:15:04--

  14: Reusing 

  15: existing connection to

  16: HTTP request sent, awaiting 

  17: response... No data received.

  18: Retrying.

  19: --2011-08-10 17:15:05-- (try: 2)

  20: Connecting 

  21: to||:80... connected.

  22: HTTP request sent, 

  23: awaiting response... 200 OK

  24: Length: 699460 (683K) 

  25: [application/x-msdos-program]

  26: Saving to: âatualizar.exeâ

  27: 100%[============================================================================>] 

  28: 699,460 63.4K/s in 12s

  29: 2011-08-10 17:15:17 (57.2 KB/s) - âatualizar.exeâ


Trend Micro flag this file as malicious….


You can find the VirusTotal analysis results for this .exe as it is detected by different AV solutions.

Source Reference: Websense Security Labs


  1. Pingback:

  2. Pingback: instagram followers bot

  3. Pingback: Business Spotlight Online

  4. Pingback: studexpoland

  5. Pingback: chilli jalapenos

  6. Pingback: Bonuses

  7. Pingback: Business and Careers Resource

  8. Pingback: The Blackjack Crack System - Learn how to get an advantage at blackjack with this simple crack!

  9. Pingback: read review

  10. Pingback: School Of Technology

  11. Pingback:

  12. Pingback: Free Pinterest Likes

  13. Pingback: monaco handbag

  14. Pingback: investment programs online

  15. Pingback: animals

  16. Pingback: kliknij link

  17. Pingback: tutaj

  18. Pingback: Travel Insurance Companies

  19. Pingback: tablets computers

  20. Pingback: Property management las vegas

  21. Pingback: warots

  22. Pingback: ?IWE MAGAZINE? is the hottest in town

  23. Pingback: IOSR fake academic journals

  24. Pingback: Pinganillo

  25. Pingback: SEO benefits

  26. Pingback: Calculate website design cost

  27. Pingback: How to start a blog and make money

  28. Pingback: mobile advertising

  29. Pingback:

  30. Pingback: site

  31. Pingback: Business Management Jobs

  32. Pingback:

  33. Pingback: Gary's Tackle Box

  34. Pingback: Informations Technology Management

  35. Pingback: Local Business Banking Support

  36. Pingback: 2015 merceds benz e250 cabriolet design

  37. Pingback: Bend 2 Portland

  38. Pingback: DontPanik

  39. Pingback: Click here now!

  40. Pingback: How to change my GoPro HERO 4 Wifi password

  41. Pingback: surfboard sb6121

  42. Pingback: Financial Services Society

  43. Pingback: Edwin Holguin

  44. Pingback: fashion blog

  45. Pingback: Magic

  46. Pingback: Accounting Of Business Solutions

  47. Pingback: bedfordshire escorts

  48. Pingback: facebook

  49. Pingback: write like a journalist

  50. Pingback: Finance Acquisition

Leave a Comment

Your email address will not be published. Required fields are marked *