Hackers have exploited a vulnerability in the Plesk content management system to upload malware to a website owned by the Wagamama restaurant chain.
The so-called 'RunForestRun' attack targeted Plesk, leading users to the Blackhole Exploit kit, a favourite tool among black hat hackers.
The affected and outdated subdomain site was taken down at the time of writing. It was home to a 2009 competition between Wagamama and STA Travel, and remained active and unpatched for years.
Old unpatched subdomains are a common target for attack and should be removed after expiry or kept up to date. Many cut-rate third party hosts do not take responsibility for updating customer sites, elevating the likeihood sites would fall victim to mass attack campaigns.
Websense Australia and New Zealand country manager Gerry Tucker said admins should remove expired sites.
They are a threat vector, these sites are prime targets for malware guys," Tucker said.
"In reducing risks, they should maintain assets properly and then take them offline. At the same time, the right infrastructure and controls are important to prevent the compromise of sites [and] to protect visitors from being exposed."
He said 82 per cent of malware was found on compromised hosts.
Third-party microsites owned by Fairfax were hacked in January. The hacker claimed to SC they migrated across the network to gain access to Fairfax homepages, but the company denied this.
Scores more have been defaced via simple attack techniques. New victims could be viewed daily on leaderboard sites such as Zone-H.