Posted September 20, 2016 by Jérôme Segura
The website for Just For Men, a company that sells various products for men as its name implies, was serving malware to its visitors. Our automated systems detected the drive-by download attack pushing the RIG exploit kit, eventually distributing a password-stealing Trojan.
In this particular attack chain we can see that the homepage of justformen[.]com has been injected with obfuscated code. It belongs to the EITest campaign and this gate is used to perform the redirection to the exploit kit. EITest is easy to recognize (although it has changed URL patterns) for its use of a Flash file in its redirection mechanism.
RIG EK has now taken over Neutrino EK as the most commonly used and seen toolkit in the wild. Neutrino EK, which had been the contender to Angler’s top spot, has been relatively quiet lately.