Hackers have invaded the Best Buy website to plant exploit code targeted at South and central American surfers.

The villanos have manipulated the page that allows surfers, visiting the site from Latin America, to select language preferences between either Spanish or English. Beneath layers of concealment, surfers are redirected towards a site that serves up exploit code - specifically the Luckysploit web exploit kit - via an iFrame.

Checks on the hacker controller website involved in the attack reveal that it was registered on 4 June by the same Ukranian gang that ran the earlier Gumblar attack back in March.

Trend Micro informed Best Buy of the attack, and is reportedly in the process of cleaning up its site.

A full write-up of the attack, complete with screenshots, can be found in a blog posting by Trend Micro here. ®

Related stories

• Thousands of sites loaded with potent malware cocktail (16 October 2009)
• Seeking web security, exploit operators prefer Firefox (21 August 2009)
• Updated Digital Spy fights second malware attack (20 July 2009)
• Hackers crack ColdFusion (3 July 2009)
• Spotify founder hints at video, P2P sharing, world domination (30 June 2009)
• Blue chip FTP logins found on cybercrime server (26 June 2009)
• Nine-ball attack splits security researchers (23 June 2009)
• Updated Digital Spy struggles to pin down tainted ad infection (2 June 2009)
• New script outstrips all other drive-by download risks (15 May 2009)