X-Labs
August 25, 2011

Transocean oil/gas rig contractor compromised (deepwater.com) - UPDATE: NOW FIXED

Elad Sharf, Security Researcher

Transocean, one of the world's biggest offshore drilling contractors, is currently compromised: its main Web site at deepwater.com is hosting malicious exploit code. Recently, Transocean has been implicated in the Deepwater Horizon oil spill resulting from the explosion of one of its oil rigs in the Gulf of Mexico.

UPDATE: Transocean got in touch with us and we can confirm that the malicious code has now been removed. We appreciate the fast response by the Security team at Transocean.

 

Websense customers are protected from Web-based threats by ACE, our Advanced Classification Engine.

 

Compromise Details 

A few pages hosting exploit code have been created on the compromised Web server. Some of these pages are referenced by iframes on the main page of the site. The pages exploit CVE-2011-1255, a vulnerability that affects Microsoft Internet Explorer versions 6 through 8 and was patched on June 14, 2011, and CVE-2010-2884, a vulnerability in Flash Player that was patched on October 5, 2010. VirusTotal detection for the latter file is at 15%.
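For site owners, the pattern above means that checking only for iframes pointing at foreign domains is not enough, because the exploit pages sat on the compromised server itself. The following is an added example, not code from the original post or from Websense: a Python audit that compares every iframe target on a page against an approved list. The host names, paths and sample HTML are constructed placeholders, not values from the incident.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class IframeCollector(HTMLParser):
    """Collect the src attribute of every <iframe> in a document."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())

def audit_iframes(html, page_url, approved):
    """Return (absolute_url, reason) for each iframe target not in `approved`.

    `approved` is a set of (host, path) pairs the site owner expects to embed.
    Same-host targets are checked too, because the pages described above
    were created on the compromised server itself.
    """
    collector = IframeCollector()
    collector.feed(html)
    page_host = urlsplit(page_url).hostname
    findings = []
    for src in collector.sources:
        target = urlsplit(urljoin(page_url, src))  # resolve relative and //host forms
        host = (target.hostname or "").lower()
        if target.scheme not in ("http", "https"):
            findings.append((target.geturl(), "non-http scheme"))
        elif (host, target.path or "/") in approved:
            continue
        elif host == page_host:
            findings.append((target.geturl(), "unapproved same-host page"))
        else:
            findings.append((target.geturl(), "unapproved external host"))
    return findings

# Constructed sample input: every host and path below is a placeholder.
SAMPLE_PAGE = """<html><body>
<iframe src="/investor/ticker.html"></iframe>
<iframe src="tmp/a1.html"></iframe>
<iframe src="//cdn.example.net/w.html"></iframe>
<iframe src="JavaScript:void(0)"></iframe>
</body></html>"""
APPROVED = {("www.example.com", "/investor/ticker.html")}

if __name__ == "__main__":
    for url, reason in audit_iframes(SAMPLE_PAGE, "http://www.example.com/index.html", APPROVED):
        print(f"{reason}: {url}")
```

Run against the live home page on a schedule, a new same-host finding indicates that both the page and the server's document root have changed and should be compared with the last known-good deployment.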

You can follow this site category on our AceInsights portal with this link.
