AskMen.com website redirects to Caphaw malware, WebSense says
High-traffic websites can potentially expose thousands of visitors to automated attacks
IDG News Service - AskMen.com, a popular website with millions of monthly visitors, was redirecting visitors to other domains that delivered the Caphaw malware, according to security vendor WebSense.
The website, which is published by Ziff Davis, has been notified, but WebSense has not received an acknowledgment, wrote researcher Abel Toro on a company blog. AskMen.com could not immediately be reached for comment.
It's a common tactic for hackers to compromise legitimate high-traffic websites, causing visitors to be redirected to other domains that have been engineered to run an automated attack looking for software vulnerabilities.
"An attack of this scale can potentially infect tens of thousands of unsuspecting users due to the nature of the attack and the high popularity of the website," Toro wrote.
A new attack domain is generated every day, as such malicious URLs are usually blacklisted after a short time by security companies. That domain calculation is predictable, however, which allowed WebSense to calculate future domains that will be used, Toro wrote.
Those malicious domains are likely hosting the "Nuclear Pack" exploit kit, which is an attack tool that hunts for software vulnerabilities. In the AskMen.com attack, the Nuclear Pack tries exploits for either outdated Java or Adobe Systems' Reader software, Toro wrote.
If the attack is successful, a malicious software called "Caphaw" is installed, which has complete control over the computer, Toro wrote.
Send news tips and comments to firstname.lastname@example.org. Follow me on Twitter: @jeremy_kirk
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- Trends Shaping Software Management: 2014 Most IT executives recognize the relationship between mobile computing and worker productivity, and have long issued notebook computers and other mobile devices to...
- Software Asset Management: Pay Attention or Pay Up There is a wide range of options for managing software assets, from in-house solutions to the cloud to managed services providers. Read this...
- IBM FlashSystem V840: Leveraging Software-Defined Flash to Drive Your Business With end-to-end, tightly integrated functionality and super-fast flash technology, products like IBM FlashSystem V840 Enterprise Performance Solution empower businesses to leverage the efficiency...
- Leveraging Flash Storage to Accelerate Oracle Real Application Clusters Join this webinar to understand the latest solid-state storage trends, the specific applications driving solid-state storage deployments and the benefits of deploying the... All Malware and Vulnerabilities White Papers | Webcasts