Original URL: https://www.theregister.com/2009/07/03/best_buy_luckysploit_attack/

Latin Best Buy surfers sprayed by drive-by download malware

¡Ay, Caramba!

By John Leyden

Posted in Security, 3rd July 2009 13:02 GMT

Hackers have invaded the Best Buy website to plant exploit code targeted at South and central American surfers.

The villanos have manipulated the page that allows surfers, visiting the site from Latin America, to select language preferences between either Spanish or English. Beneath layers of concealment, surfers are redirected towards a site that serves up exploit code - specifically the Luckysploit web exploit kit - via an iFrame.

"The Luckysploit web exploit kit and the obfuscation seen is reminiscent of that found in Gumblar," security researchers at Trend Micro explain.

Checks on the hacker controller website involved in the attack reveal that it was registered on 4 June by the same Ukranian gang that ran the earlier Gumblar attack back in March.

Trend Micro informed Best Buy of the attack, and is reportedly in the process of cleaning up its site.

A full write-up of the attack, complete with screenshots, can be found in a blog posting by Trend Micro here. ®