Hasbro's website(Hasbro.com) has been compromised by Hackers and abused to distribute malware onto visitors’ computers. Hasbro is the American toy and board game company.
According to Researcher Paul Royal, Web Security from barracudalabs On Monday January 20, Hasbro’s website pushed malicious software to visitors’ computers. As with the Cracked.com compromise a week prior, the incident was the result of direct site compromise, and affected users were unlikely to have recognized that their computers were infected.
The chain of redirects that began at Hasbro’s front page and ended with the installation of malicious software on visitors’ computers were as follows.
hxxp://www[.]hasbro[.]com
-> hxxp://www[.]hasbro[.]com/<redacted> (xMultiple)
–> hxxp://stats[.]jusybes[.]pw/<redacted>
—> hxxps://stats[.]jusybes[.]pw/<redacted> (xMultiple)
—-> hxxp://ahnc[.]blockscheine[.]com/redacted (xMultiple)
The second request to stats[.]jusybes[.]pw is notable as HTTPS is used to obfuscate the resulting redirection to ahnc[.]blockscheine[.]com, which serves several Java exploits. Upon successful exploitation, a payload is installed that is not well detected
According to Researcher Paul Royal, Web Security from barracudalabs On Monday January 20, Hasbro’s website pushed malicious software to visitors’ computers. As with the Cracked.com compromise a week prior, the incident was the result of direct site compromise, and affected users were unlikely to have recognized that their computers were infected.The chain of redirects that began at Hasbro’s front page and ended with the installation of malicious software on visitors’ computers were as follows.
hxxp://www[.]hasbro[.]com
-> hxxp://www[.]hasbro[.]com/<redacted> (xMultiple)
–> hxxp://stats[.]jusybes[.]pw/<redacted>
—> hxxps://stats[.]jusybes[.]pw/<redacted> (xMultiple)
—-> hxxp://ahnc[.]blockscheine[.]com/redacted (xMultiple)
The second request to stats[.]jusybes[.]pw is notable as HTTPS is used to obfuscate the resulting redirection to ahnc[.]blockscheine[.]com, which serves several Java exploits. Upon successful exploitation, a payload is installed that is not well detected
No comments:
Post a Comment