Malware writers have penetrated the website of hair-dye-for-greying-blokes outfit Just For Men, foisting a password-stealing trojan at visitors, Malwarebytes researcher Jerome Segura says. Attackers are using the RIG exploit kit, which recently dethroned Neutrino as the most popular of the off-the-shelf crime kits that make exploitation easier for black hats. Just For Men parent company Combe updated the site from a vulnerable version of WordPress following a tip off from Segura. “Our automated systems detected the drive-by download attack pushing the RIG exploit kit, eventually distributing a password stealing trojan,” Segura says.
View full story
ORIGINAL SOURCE: The Register