Wagamama serves up malware from outdated site

Hackers exploit Plesk, visitors sucked into BlackHole.

Hackers have exploited a vulnerability in the Plesk content management system to upload malware to a website owned by the Wagamama restaurant chain.

The so-called 'RunForestRun' attack targeted Plesk, leading users to the Blackhole Exploit kit, a favourite tool among black hat hackers.

Attackers grabbed user account credentials and injected obfuscated script into JavaScript files. On execution, the script decompiled as an iframe with randomly generated URLs that pointed visitors to Blackhole, Websense researchers said.

It was unknown if the targeted Plesk flaw was a result of the zero-day vulnerability revealed in July, which may have resulted in the infection of 50,000 websites.

The affected and outdated subdomain site was taken down at the time of writing. It was home to a 2009 competition between Wagamama and STA Travel, and remained active and unpatched for years.

Old unpatched subdomains are a common target for attack and should be removed after expiry or kept up to date. Many cut-rate third-party hosts do not take responsibility for updating customer sites, elevating the likelihood sites would fall victim to mass attack campaigns.

Websense Australia and New Zealand country manager Gerry Tucker said admins should remove expired sites.

"They are a threat vector, these sites are prime targets for malware guys," Tucker said.

"In reducing risks, they should maintain assets properly and then take them offline. At the same time, the right infrastructure and controls are important to prevent the compromise of sites [and] to protect visitors from being exposed."

He said 82 per cent of malware was found on compromised hosts.

Third-party microsites owned by Fairfax were hacked in January. The hacker claimed to SC they migrated across the network to gain access to Fairfax homepages, but the company denied this.

Scores more have been defaced via simple attack techniques. New victims could be viewed daily on leaderboard sites such as Zone-H.

Copyright © SC Magazine, Australia
