Hackers Kick Off Tax Season With Oklahoma Web Site Attack
Visitors to the Oklahoma Tax Commission Web site were told they needed to accept an Adobe license agreement and then download software. While the prompt appears "normal," researchers said that the application contained malicious code designed to infect users if they click "Accept." Once infected, hackers were able to take control of a user's PC, and gain access to victim's personal information stored on their system.
Researchers at AVG Technologies, who discovered the attack Thursday, said that the hackers were capitalizing on the uptick of visitors to tax sites at the beginning of tax season.
"With tax time upon us, this is a timely hack of a site that's getting above normal traffic," said Roger Thompson, AVG chief technology researcher, in an AVG blog post, adding "These things happen to lots of people, but it's a bit unfortunate to happen to any tax site at this time of year."
Thompson said that the site's IT personnel will remove the malicious code and restore the hacked Oklahoma tax site quickly. But how the hackers were able infiltrate the site still remains to be determined, he said, noting that the Oklahoma Tax site hackers seemed to be able to manipulate the site with relative ease.
"It's just a hacked site that is reaching out to a rotator in the Netherlands, which in turn calls out to an attack site," Thompson said in an e-mail. "This is a common technique today. They use the rotator to decide where to direct the victim, sort of like Microsoft's old slogan of 'where do you want to go today.' Interestingly, they've changed the script on the tax site since yesterday, so they must have steady access."
Thompson said that the hack likely occurred Wednesday due to the fact that he began to see reports of the attack circulating Thursday. Thompson warned users against visiting the Oklahoma state tax site until the malware was completely removed and the site was restored.