Metro US news site suffers malware scare

Security

by Jimmy Nicholls| 23 July 2014

Could the site be another victim of malicious code injection?

Metro International's US website has been hacked to serve malicious code to users, according to security firm Websense.

The news site, which is not linked to the British newspaper of the same name, is thought to have been injected with code that redirects users to a malware download, a contention Metro is said to be investigating.

Carl Leonard, senior manager of security research at Websense, said: "The rising prevalence of cybercriminals targeting news and media sites highlights that businesses cannot afford to continue to put web security on the back burner - ignorance absolutely is not bliss when it comes to cybersecurity."

A RIG exploit kit is said to be used to drop the virus, a tool that emerged this April and has previously been connected with Cryptowall ransomware.

In the last two months the United States accounted for a third of countries affected by the kit, with Canada, Australia and the UK accounting for 6% each, according to Websense.

"A compromised website courtesy of malicious actors, as is the case with Metro US, is a disaster in every organisation's book," Leonard added.

"It is therefore vital that businesses formulate a tried and trusted disaster recovery plan."

Metro has yet to reply to requests for comment.

Comments
Post a comment

Comments may be moderated for spam, obscenities or defamation.

Join our network

754 people like this.
0 people follow this.

Security Intelligence

Suppliers Directory

Privcy Policy

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.