Websense Security Labs Blog

Websense Security Labs discovers, investigates and reports on advanced Internet threats that traditional security
research methods miss.

Transocean oil/gas rig contractor compromised (deepwater.com) - UPDATE: NOW FIXED

View all posts > 

Transocean oil/gas rig contractor compromised (deepwater.com) - UPDATE: NOW FIXED

Posted: 25 Aug 2011 04:20 AM | Elad Sharf | no comments

Transocean, one of the world's biggest offshore drilling contractors, is currently compromised: its main Web site at deepwater.com is hosting malicious exploit code. Recently, Transocean has been implicated in the Deepwater Horizon oil spill resulting from the explosion of one of its oil rigs in the Gulf of Mexico


UPDATE: Transocean got in touch with us and we can confirm that the malicious code has now been removed. We appreciate the fast response by the Security team at Transocean.

Websense customers are protected from Web based threats by ACE, our Advanced Classification Engine.




Compromise Details


A few pages hosting exploit code have been created on the compromised Web server. Some of these pages are referred to by Iframes through the main page of the site. The pages use the CVE-2011-1255 vulnerability, which affects Microsoft Internet Explorer versions 6 through 8 and was patched on June 14 2011, and also CVE-2010-2884, a vulnerability in Flash Player that was patched on October 5 2010. Virustotal detection for the latter file is at 15%.


You can follow this site category on our AceInsights portal with this link.



Leave a Comment


Email address: (required)