Close shave after WordPress mess was cut off at the roots
Malware writers have penetrated the website of hair-dye-for-greying-blokes outfit Just For Men, foisting a password-stealing trojan on visitors, Malwarebytes researcher Jerome Segura says.
Attackers are using the RIG exploit kit, which recently dethroned Neutrino as the most popular of the off-the-shelf crime kits that make exploitation easier for black hats.
Just For Men parent company Combe updated the site from a vulnerable version of WordPress following a tip-off from Segura.
“Our automated systems detected the drive-by download attack pushing the RIG exploit kit, eventually distributing a password stealing trojan,” Segura says.
“… the homepage of justformen.com has been injected with obfuscated code [which] belongs to the EITest campaign and this gate is used to perform the redirection to the exploit kit.”
That attack campaign, reported in October 2014, used a Flash file to compromise thousands of websites, including the Department of Statistics at Carnegie Mellon University.
Limited activity has been detected in Neutrino since attack traffic ebbed last week, although there is no concrete evidence the criminal group behind it have abandoned the kit or been arrested.
The Angler exploit kit was behind a whopping 40 percent of all infections of its type, having compromised nearly 100,000 websites and tens of millions of users, generating some US$34 million annually for its authors.
Its authors were arrested among the 50 hackers of the Russian Lurk trojan group in June, a fact that was confirmed only last month. ®