Original URL: https://www.theregister.com/2014/10/31/popsci_drive_by_download_risk/

Popular Science site shrugs off malicious code infection

No warning, no response... at least it killed the code

By John Leyden

Posted in Security, 31st October 2014 10:57 GMT

Surfers visiting Popular Science would be well advised to check their systems following an attack that has left the site compromised and harbouring malicious code.

Security firm Websense warns that visiting the site exposed surfers to the RIG exploit kit. The malicious code was removed on Wednesday, but a number of surfers may still be harbouring infections after being sprayed with malicious code earlier this week.

RIG is a hacker tool that uses client-side software exploits to push malware payloads onto the Windows PCs of visiting surfers. The RIG Exploit Kit features exploit code for various vulnerable plug-ins such as Java, Flash and Silverlight, according to Websense.

The hacker tool, which first surfaced in April, has been linked with the distribution of the particularly nasty CryptoWall ransomware.

Websense notified Popular Science – which gets more than 4.5 million visitors a month – of the compromise prior to going public on Tuesday, at which point the site was still contaminated with malicious code.

El Reg put in queries via both Twitter and email to senior editor Paul Adams but has yet to hear back from the popular science site.

Failing to respond to the media and security firms during a breach (Kaspersky Lab's Threatpost story here) is one thing, but what's harder to justify is that PopSci appears to have made no attempt to warn surfers that it may have had a problem.

The threat on the Popular Science website persisted for more than 24 hours, from 08:00 on Tuesday 28 October until around 12:00 on Wednesday 29 October, according to Websense.

We will update if we hear more. ®