USPS’s RIBBS Customer service site compromised by malware

Update: Zscaler Research reports has been taken offline. The site also has much more detail on the infection and how it works.

If you look up the US Postal Service’s RIBBS Customer Support site on Google today, you’ll be warned that the site “may harm your computer”:

Google’s diagnostic page for the site goes into more detail:

What is the current listing status for

Site is listed as suspicious – visiting this web site may harm your computer.

Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.

What happened when Google visited this site?

Of the 100 pages we tested on the site over the past 90 days, 4 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2011-04-07, and the last time suspicious content was found on this site was on 2011-04-07.

Malicious software includes 2 scripting exploit(s), 2 exploit(s). Successful infection resulted in an average of 1 new process(es) on the target machine.

Malicious software is hosted on 6 domain(s), including,,

2 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including,

via Google Safe Browsing diagnostic page for