Websense Says that AskMen.com Website Maligned with Malware

Security researchers of security firm Websense have observed that a popular men's portal AskMen.com is spreading malware. The AskMen.com, among Alexa top 1000 website, gets around 11.6 million visitors in a month offering the attackers a bunch of huge potential victims.

Websense discovered the compromise on Monday, 23rd June, 2014 and reported it to the domain administrator but had not acknowledged the reports.

It is best to avoid the domain completely till the issue is resolved.

Csoonline.com reported on 23rd June, 2014 stating an explanation of researchers of Websense as "the injected code has been found in multiple locations within the main website as well as in localized versions of it."

The researchers added that when a user browses the main website, the injected code automatically loads and silently redirects the user to a website which serves the actual exploit code and this injected code is unclear which may be spotted at the bottom of the legitimate JavaScript webpages on the website of AskMen.

Pcworld.com reported on 23rd June, 2014 quoting a blog of Security Researcher Abel Toro of Websense as "The domains hosting the exploit code are constantly changing." The injected JavaScript code takes the current date and then uses an algorithm to mix that data which generates a domain name where hackers have hosted the exploit kit."

Those malevolent domains are hosting the Nuclear Pack EK (exploit kit) which is an assault tool that searches for software flaws. Toro wrote that the Nuclear EK tries exploits for either out-of-date Java or Reader software of Adobe System while attacking AskMen.com.

Toro wrote that if the attack becomes successful then malware christened "Caphaw" is installed on the computer taking total control of it.

The security firm explained that Caphaw is a threat used for several purposes including click fraud, info-stealing and search result hijacking and apparently originating from Russia and Ukraine.

Websense said that even popular websites (referring to AskMen.com) are not protected from attacks of malicious code junction. Community.Websense.com reported on 23rd January, 2014 stating that an attack of this scale has the potential to infect tens of thousands of innocent users due to its nature of attack and high popularity of the website.

» SPAMfighter News - 6/30/2014