Wagamama serves up malware from outdated site

By

Hackers exploit Plesk, visitors sucked into BlackHole.

Hackers have exploited a vulnerability in the Plesk content management system to upload malware to a website owned by the Wagamama restaurant chain.

Wagamama serves up malware from outdated site

The so-called 'RunForestRun' attack targeted Plesk, leading users to the Blackhole Exploit kit, a favourite tool among black hat hackers.

Attackers grabbed user account credentials, and injected obfuscated script into JavaScript files. On execution, the script decompiled as an iframe with random generated URLs that pointed visitors to Black Hole, Websense researchers said.

It was unknown if the targeted Plesk flaw was a result of the zero-day vulnerability revealed in July which may have resulted in the infection of 50,000 websites

The affected and outdated subdomain site was taken down at the time of writing. It was home to a 2009 competition between Wagamama and STA Travel, and remained active and unpatched for years.

Old unpatched subdomains are a common target for attack and should be removed after expiry or kept up to date. Many cut-rate third party hosts do not take responsibility for updating customer sites, elevating the likeihood sites would fall victim to mass attack campaigns.

Websense Australia and New Zealand country manager Gerry Tucker said admins should remove expired sites.

They are a threat vector, these sites are prime targets for malware guys," Tucker said.

"In reducing risks, they should maintain assets properly and then take them offline. At the same time, the right infrastructure and controls are important to prevent the compromise of sites [and] to protect visitors from being exposed."

He said 82 per cent of malware was found on compromised hosts.

Third-party microsites owned by Fairfax were hacked in January. The hacker claimed to SC they migrated across the network to gain access to Fairfax homepages, but the company denied this.

Scores more have been defaced via simple attack techniques. New victims could be viewed daily on leaderboard sites such as Zone-H.

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

Tags:
blackholeexploitsmalwareparallelspatchingplesksecurityvulnerabilitieswebsense

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?