PRC Website hit by Zero-Day Attack?

As you may have noticed, the Professional Regulation Commission (PRC) website is hardly accessible these days. If you go to www.prc.gov.ph, either the site graphics do not display properly or your browser crashes. Was it hit by a Zero-Day Attack?

I would like to share my research on the Zero-Day Attack, which is currently affecting the PRC website. I have had a feeling since Saturday, July 12th, that the site is experiencing "abnormal activities".

What is "Zero-Day Attack"?
"A zero-day (or zero-hour) attack or threat is a computer threat that tries to exploit computer application vulnerabilities which are unknown to others, undisclosed to the software vendor, or for which no security fix is available. Zero-day exploits (actual code that can use a security hole to carry out an attack) are used or shared by attackers before the software vendor knows about the vulnerability.

The term derives from the age of the exploit. When a vendor becomes aware of a security hole, there is a race to close it before attackers discover it or the vulnerability becomes public. A "zero day" attack occurs on or before the first or "zeroth" day of vendor awareness, meaning the vendor has not had any opportunity to disseminate a security fix to users of the software. (In computer science, numbering often starts at zero instead of one.)"

What is "Browser Exploit"?
"A browser exploit is a piece of code that exploits a software bug in a web browser such that the code makes the browser do something unexpected, including crash, read or write local files, propagate a virus or install spyware. Malicious code may exploit HTML, JavaScript, Images, ActiveX, Java and other Web technologies. HTML alone is harmless (can only crash browser in some cases on vulnerable web browsers), however, in conjunction with malicious ActiveX or Java code, it can potentially freeze or crash a browser, or even crash the computer running that browser. The term "browser exploit" can also refer to the actual bug in the browser code." Source: Wikipedia.org

Having familiarized myself with those two technical terms, I went back to the PRC website and discovered something. The website loads "malicious" URLs or web addresses. These can be seen at the lower-left corner of the Firefox window.

One of these suspected URLs is js.tongji.linezing.com.

Forum member cconniejean via http://www.who-is-who-in-gpt.com posted in a thread:
"Placing the link inside Unmask Parasites, the external references showed a hidden link to linezing.com. I recognized the domain name immediately as being associated with the new zero-day vulnerability. For Adblock we may want to go ahead with adding *js.tongji.linezing.com*, *img.tongji.linezing.com*, or on the safer side adding *linezing.com*.

Below are various articles from security blogs that are tracking some of the known domains. Viewing the list of domains, you do see *js.tongji.linezing.com* listed; presently there appears to be only one URL so far, 'js.tongji.linezing.com/930456/tongji.js'.

1. New Attacks Against Internet Explorer
Monday July 6, 2009 at 2:39 am CST
Posted by Haowei Ren, Geok Meng Ong

2. IE 0day exploit domains (constantly updated)
Published: 2009-07-06,
Last Updated: 2009-07-10 19:53:56 UTC
by Andre L. (Version: 9)

3. Web Security Weblog
Thursday, June 11, 2009
Web Security Weblog: Malicious URLs"

The PRC technical department should act on this before users accessing the website are affected. The Zero-Day Attack may harm users' computers, especially now that more and more of them will be inquiring about the much-anticipated release of the June 2009 Nursing Board Exam results.

Just imagine how many computers will be infected and attacked by cyber-criminals, with almost eighty thousand (80,000) examinees who took the exam and who will later access the PRC website.

Since PRC is a government agency that owns and maintains one of the most-accessed Philippine websites, it should now install effective and efficient security software on its server before it's too late.

I would like to suggest that the PRC technical department look after the culprits, which I suspect are the images and JavaScript code of the site.
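For site maintainers auditing their own pages for the kind of injected reference described above, the following sketch lists every externally loaded script, image, iframe or stylesheet and flags hosts that fall under a blocklisted domain, including subdomains. It is an added example, not code from the original post or the forum thread; the function names and the sample HTML are constructed, and only the linezing.com hosts and the tongji.js URL come from this page.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Domain named on this page; matching also covers every subdomain.
BLOCKLIST = {"linezing.com"}
# Tags that load a remote resource, and the attribute that names it.
LOADERS = {"script": "src", "img": "src", "iframe": "src", "link": "href"}


class ExternalRefParser(HTMLParser):
    """Collect (tag, host, url) for resources loaded from another host."""

    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        attr = LOADERS.get(tag)
        url = (dict(attrs).get(attr) or "").strip() if attr else ""
        # urlsplit also resolves protocol-relative "//host/path" references;
        # relative paths have no hostname and are skipped as same-site.
        host = (urlsplit(url).hostname or "").lower()
        if host and host != self.site_host:
            self.refs.append((tag, host, url))


def is_blocked(host, blocklist=BLOCKLIST):
    """True if host is a listed domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in blocklist)


def audit(html, site_host):
    """Return the external references on a page that hit the blocklist."""
    parser = ExternalRefParser(site_host)
    parser.feed(html)
    return [ref for ref in parser.refs if is_blocked(ref[1])]


# Constructed sample page (not the real PRC markup); the .gif path is made up.
SAMPLE = """<html><body><img src="images/banner.gif">
<script src="http://js.tongji.linezing.com/930456/tongji.js"></script>
<img src="//img.tongji.linezing.com/constructed.gif" width="0" height="0">
<script src="http://notlinezing.com/x.js"></script></body></html>"""

if __name__ == "__main__":
    for tag, host, url in audit(SAMPLE, "www.prc.gov.ph"):
        print(f"{tag:7} {host:26} {url}")
```

The suffix match is anchored on a dot, so a look-alike host such as notlinezing.com is not flagged while every subdomain of linezing.com is.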


Update:

15 July 2009 - It's official. Google has classified the Official PRC Website as a site that "may harm your computer".

We therefore recommend that users not go to the PRC website until the problem is resolved. We will keep you updated on this.

Update:

15 July 2009, 8:48 PM - The PRC website has been restored. It is now safe to surf the site, although Google has not yet removed the warning notice in search results.

Update:

16 July 2009, 5:36 AM - Oh no! The PRC website has a problem again.

