jQuery site popped to serve malware slop

Visited September 18? Time to REFORMAT.

The jQuery site served credential-stealing malware to scores of users who visited the website on September 18, researcher James Pleger says.

The super-popular JavaScript library was used by 30 percent of websites including 70 percent of the 10,000 most popular sites which may have been compromised by the RIG exploit kit.

jQuery security bods found no evidence that its site was foisting the drive-by download however.

Pleger said the malware did not affect jQuery itself but did infect the website and urged those who visited the site during the alleged attack to re-image their machines.

"However, discovering information-stealing malware on jQuery.com is particularly disconcerting because of the demographic of jQuery users [who are] generally IT systems administrators and web developers, including a large contingent who work within enterprises," he said.

"Typically, these individuals have privileged access to web properties, backend systems and other critical infrastructure.

The redirection sequence

The redirection sequence. Risk IQ

"Planting malware capable of stealing credentials on devices owned by privilege accounts holders inside companies could allow attackers to silently compromise enterprise systems, similar to what happened in the infamous Target breach."

The Risk IQ research director found the compromise during a website scan and found a malicious script tag was delivering Rig through an invisible iframe.

Rig was discovered earlier this year packing exploits for Internet Explorer, Java, Adobe Flash, and Silverlight. Once installed it could drop malware like Zeus or encryption ransomware.

Symantec discovered it was used in the drive-by malware attack against website Ask Men. ®

Sponsored: The Joy and Pain of Buying IT - Have Your Say


Biting the hand that feeds IT © 1998–2017