Exploit kit infection shutters Postal Service website

The USPS' RIBBS website was taken down April 4, when the service first learned of problems with the site

According to a US Postal Service spokesperson, the RIBBS website was taken down April 4, shortly after the service began receiving notices of something afoot from its customers. RIBBS, which stands for Rapid Information Bulletin Board System, is a portal for the USPS’ ‘Intelligent Mail’ services, such as barcode tracking.

Zscaler began receiving notices on April 6 that its services were blocking access to the RIBBS site because of JavaScript code linked to the Blackhole Exploit Kit, a commercially developed package that the company says was developed by Russian hackers.

The exploit was outlined in a recent security blog posting by Michael Sutton, Zscaler’s VP of security research. The attack comes in three parts, he noted: the initial infection, a redirect, and then the delivery of obfuscated JavaScript.

“Yet again, we have a legitimate website with a significant user base being used as a catalyst for attack”, Sutton wrote. “We have a potent attack that has no doubt affected many end users.”

“At least snail mail is still safe”, Sutton joked.

He added that Zscaler informed USPS officials of the infection, which a Postal Service spokesperson confirmed for Infosecurity. However, the injected code remains on the RIBBS website “while the situation continues to be remediated”, the spokesperson said.

The same spokesperson said he expects the RIBBS site to be up again sometime today, but the site appears to still be down at the time of writing. Meanwhile, the USPS requests that all users of the RIBBS service email the USPS directly with any questions or concerns.
