CyberSecurity/Data

AskMen denies trojan injection claim

Data Jimmy Nicholls

14:06, June 25 2014

image

image

Lifestyle site says security firm got it wrong.

AskMen has denied that its website was silently redirecting readers to malware downloads, following a claim from Websense Security Labs.

The malicious code was said to have been injected onto the main version of the lifestyle website, having been "obfuscated" and hidden at the bottom of legitimate JavaScript on the site.

Once the redirect took place a Caphaw trojan was downloaded to the victim's computer, allowing hackers to access files, redirect internet traffic and use the machine in denial-of-service attacks, according to Websense.

Abel Toro, researcher at Websense, said: "As we can see, even very popular websites are not immune to malicious code injection attacks."

He said that the infection may have spread to thousands of unknowing readers browsing the site, which was visited by 11.6 million people during May.

Sophie Laplante, audience development manager at AskMen, said: "We've done a thorough investigation and there is no evidence of any malware.

"We take security issues very seriously and we have multiple measures in place to protect our users. We're also in contact with the vendor who purported to see evidence of an attack."

In a blog post Websense outlined the attack in detail, posting images of the allegedly malicious code and the page on which the exploit was said to take place.



Source: Company Press Release

Comments

Post a comment

Comments may be moderated for spam, obscenities or defamation.