Users visiting the Popular Science website have been targeted with a drive-by download attack.
Attackers used the tactic to inject code in the website which would redirect visitors to an online location hosting the Rig exploit kit.
Rather than scanning for vulnerable plug-ins, in this case the kit first checked the target system for the presence of certain anti-virus software and proceeded with the plug-in exploitation if none of the products on its list were encountered.
In order to do this, the cybercriminals leverage another vulnerability, this time in the XMLDOM ActiveX control in Windows 8.1 and lower, which also allows enumeration of local resources.
VIEW FULL STORY
