Menu
AskMen.com website redirects to Caphaw malware, WebSense says

AskMen.com website redirects to Caphaw malware, WebSense says

High-traffic websites can potentially expose thousands of visitors to automated attacks

Injected JavaScript on the main page of AskMen.com was redirecting visitors to domains that delivered malware, according to vendor WebSense.

Injected JavaScript on the main page of AskMen.com was redirecting visitors to domains that delivered malware, according to vendor WebSense.

AskMen.com, a popular website with millions of monthly visitors, was redirecting visitors to other domains that delivered the Caphaw malware, according to security vendor WebSense.

The website, which is published by Ziff Davis, has been notified, but WebSense has not received an acknowledgment, wrote researcher Abel Toro on a company blog. AskMen.com could not immediately be reached for comment.

It's a common tactic for hackers to compromise legitimate high-traffic websites, causing visitors to be redirected to other domains that have been engineered to run an automated attack looking for software vulnerabilities.

"An attack of this scale can potentially infect tens of thousands of unsuspecting users due to the nature of the attack and the high popularity of the website," Toro wrote.

Hackers had injected JavaScript code on multiple parts of the landing page of AskMen.com, which then redirected people to other domains hosting the exploit code, Toro wrote. The injected code was found at the bottom of legitimate JavaScript pages on AskMen's site, he wrote.

The domains hosting the exploit code are constantly changing, Toro wrote. The injected JavaScript code takes the current date and then uses an algorithm to hash that data, which generates a domain name where the hackers have hosted the exploit kit.

A new attack domain is generated every day, as such malicious URLs are usually blacklisted after a short time by security companies. That domain calculation is predictable, however, which allowed WebSense to calculate future domains that will be used, Toro wrote.

Those malicious domains are likely hosting the "Nuclear Pack" exploit kit, which is an attack tool that hunts for software vulnerabilities. In the AskMen.com attack, the Nuclear Pack tries exploits for either outdated Java or Adobe Systems' Reader software, Toro wrote.

If the attack is successful, a malicious software called "Caphaw" is installed, which has complete control over the computer, Toro wrote.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags securityAskMen.comExploits / vulnerabilitieswebsensemalware

Slideshows

Top 50 defining moments of the New Zealand channel in 2016

Top 50 defining moments of the New Zealand channel in 2016

Reseller News looks back on a tumultuous 12 months for the New Zealand channel, assessing the fallout from a year of sizeable industry change. Whether it be local or global mergers and acquisitions, distribution deals or job changes, the channel that started the year differs somewhat to the one set to finish it - Reseller News assesses the key moments that made 2016.​

Top 50 defining moments of the New Zealand channel in 2016
​Hewlett Packard Enterprise honours high achieving NZ channel

​Hewlett Packard Enterprise honours high achieving NZ channel

Hewlett Packard Enterprise honoured its top performing Kiwi partners at the second running of its HPE Partner Awards in New Zealand, held at a glitzy ceremony in Auckland. Recognising excellence across eight categories - from distributors to resellers - the tech giant celebrated its first year as a standalone company, following its official split from HP in 2015.

​Hewlett Packard Enterprise honours high achieving NZ channel
Nutanix treats channel partners to Christmas cruise

Nutanix treats channel partners to Christmas cruise

Nutanix recently took to the seas for a Christmas Cruise around Sydney Harbour with its Australia and New Zealand staff, customers and partners to celebrate a stellar year for the vendor. With the sun out, they were all smiles and mingled over drinks and food.

Nutanix treats channel partners to Christmas cruise
Show Comments