Is Philippine Bureau of Immigration website compromised, hosting malware?

According to Websense Security Labs™ and the Websense ThreatSeeker® Network, malicious emails disguised as HSBC notifications have been detected. A closer look at these emails, like the one you can see below, reveals that the link provided in them is a compromised URL belonging to the Philippine Bureau of Immigration.

Clicking the link prompts the user to download a malicious file called "atualizar.exe".

The Philippine Bureau of Immigration uses Joomla as its CMS, and there is a file named “atualizar.php”, a Portuguese name that translates to “update.php”.

The file was probably replaced or inserted maliciously. If you request the link “http://immigration.gov.ph/administrator/components/com_media/old/atualizar.php”, the HTTP response status code is 302, which is the most common way of performing a redirection. It redirects to “http://immigration.gov.ph/administrator/components/com_media/old/atualizar.exe”, which probably contains the actual payload:

    [kramfs@viasvr temp]$ wget http://immigration.gov.ph/administrator/components/com_media/old/atualizar.php
    --2011-08-10 17:15:03-- http://immigration.gov.ph/administrator/components/com_media/old/atualizar.php
    Resolving immigration.gov.ph... 124.6.144.116
    Connecting to immigration.gov.ph|124.6.144.116|:80... connected.
    HTTP request sent, awaiting response... 302 Found
    Location: http://immigration.gov.ph/administrator/components/com_media/old/atualizar.exe [following]
    --2011-08-10 17:15:04-- http://immigration.gov.ph/administrator/components/com_media/old/atualizar.exe
    Reusing existing connection to immigration.gov.ph:80.
    HTTP request sent, awaiting response... No data received.
    Retrying.
    --2011-08-10 17:15:05-- (try: 2) http://immigration.gov.ph/administrator/components/com_media/old/atualizar.exe
    Connecting to immigration.gov.ph|124.6.144.116|:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 699460 (683K) [application/x-msdos-program]
    Saving to: ‘atualizar.exe’
    100%[============================================================================>] 699,460 63.4K/s in 12s
    2011-08-10 17:15:17 (57.2 KB/s) - ‘atualizar.exe’
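The redirect pattern in this session (a script URL answering 302 and handing off to an executable download) can be checked for automatically. The following is an added example, not part of the original post: it parses wget-style output and flags such a chain. The function names and the extension and MIME-type lists are assumptions made for the illustration.

```python
import re

# Request/response lines copied from the wget session above (progress output omitted).
TRANSCRIPT = """\
--2011-08-10 17:15:03-- http://immigration.gov.ph/administrator/components/com_media/old/atualizar.php
HTTP request sent, awaiting response... 302 Found
Location: http://immigration.gov.ph/administrator/components/com_media/old/atualizar.exe [following]
--2011-08-10 17:15:04-- http://immigration.gov.ph/administrator/components/com_media/old/atualizar.exe
HTTP request sent, awaiting response... No data received.
--2011-08-10 17:15:05-- (try: 2) http://immigration.gov.ph/administrator/components/com_media/old/atualizar.exe
HTTP request sent, awaiting response... 200 OK
Length: 699460 (683K) [application/x-msdos-program]
"""

# Assumed policy lists for this example; tune them to your environment.
EXEC_EXT = (".exe", ".scr", ".com", ".pif", ".msi")
EXEC_MIME = {"application/x-msdos-program", "application/x-msdownload",
             "application/x-dosexec"}

REQ = re.compile(r"^--\d{4}-\d\d-\d\d \d\d:\d\d:\d\d--\s+(?:\(try:\s*\d+\)\s+)?(\S+)")
STATUS = re.compile(r"awaiting response\.\.\. (\d{3}) ")
LENGTH = re.compile(r"^Length: .*\[([^\]]+)\]")

def parse_hops(text):
    """Return one dict per request: url, status (None if no reply), mime."""
    hops = []
    for line in text.splitlines():
        if m := REQ.match(line):
            hops.append({"url": m.group(1), "status": None, "mime": None})
        elif hops and (m := STATUS.search(line)):
            hops[-1]["status"] = int(m.group(1))
        elif hops and (m := LENGTH.match(line)):
            hops[-1]["mime"] = m.group(1)
    return hops

def flag_executable_redirect(hops):
    """Flag a chain that starts at a non-executable URL, passes through a
    3xx redirect, and ends in a successfully served executable."""
    answered = [h for h in hops if h["status"] is not None]
    if len(answered) < 2:
        return None
    first, last = answered[0], answered[-1]
    redirected = any(300 <= h["status"] < 400 for h in answered[:-1])
    last_path = last["url"].split("?", 1)[0].lower()
    is_exec = last_path.endswith(EXEC_EXT) or last["mime"] in EXEC_MIME
    starts_benign = not first["url"].split("?", 1)[0].lower().endswith(EXEC_EXT)
    if redirected and is_exec and starts_benign and last["status"] == 200:
        return {"entry": first["url"], "payload": last["url"], "mime": last["mime"]}
    return None
```

The same check applies to proxy or web-server logs once each request is reduced to URL, status code and content type.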

 

Trend Micro flags this file as malicious.


You can find the VirusTotal analysis results for this .exe, showing how it is detected by different AV solutions.

Source Reference: Websense Security Labs
