LA Times website redirected users to exploit kit for over six weeks
A sub-domain of Los Angeles Times' website has been redirecting visitors to compromised websites hosting the latest version of the Blackhole exploit kit for over six weeks (since Dec. 23, 2012), says Brian Krebs, and estimates that some 325,000 visitors were exposed to the attack.
Alerted to the fact that something was wrong with OffersandDeals.latimes.com by some of its readers, he investigated the matter with the help of Avast's director of threat intelligence Jindrich Kubec, who checked it and confirmed that the tips were, indeed, true and correct.
When first contacted, LA Times spokeswoman Hillary Manning stated that the problem was tied to the recent hack of the NetSeer advertising network site, which resulted in Google blocking popular third-party sites - among them the New York Times, the Washington Post, ZDNet and the LA Times - that were serving ads provided by the ad network. She claimed that the problem had been solved and that there were no additional ones.
Unfortunately for the publication, that was not true, as Avast and other security companies continued to detect exploits coming from the sub-domain. In a statement released a few hours later, the LA Times conceded that the security companies' readings were accurate, and that they resolved the situation.
This type of attack is sometimes called a "Watering Hole", where a site known to be popular with the target(s) is exploited so that it can launch attacks when the target visits.
Consider this Reason #7,308 to avoid all legacy media distribution channels.
Related: For all mockery LAT-related, check out Patterico's Pontifications. Hat tip: BadBlue Tech News.
Post a Comment