LA Times website redirected users to exploit kit for over six weeks
Posted on 14 February 2013.
A sub-domain of Los Angeles Times' website has been redirecting visitors to compromised websites hosting the latest version of the Blackhole exploit kit for over six weeks (since Dec. 23, 2012), says Brian Krebs, and estimates that some 325,000 visitors were exposed to the attack.


Alerted to the fact that something was wrong with OffersandDeals.latimes.com by some of its readers, he investigated the matter with the help of Avast's director of threat intelligence Jindrich Kubec, who checked it and confirmed that the tips were, indeed, true and correct.

When first contacted, LA Times spokeswoman Hillary Manning stated that the problem was tied to the recent hack of the NetSeer advertising network site, which resulted in Google blocking popular third-party sites - among them the New York Times, the Washington Post, ZDNet and the LA Times - that were serving ads provided by the ad network. She claimed that the problem had been solved and that there were no additional ones.

Unfortunately for the publication, that was not true, as Avast and other security companies continued to detect exploits coming from the sub-domain. In a statement released a few hours later, the LA Times conceded that the security companies' readings were accurate, and that they resolved the situation.

"On February 6th the Los Angeles Times was made aware that malware was possibly being served by OffersandDeals.latimes.com. We quickly determined the problem was contained within the Offers & Deals sub-domain, which is maintained by a third party," they stated.

"Our forensics team undertook what is now an ongoing investigation and is working closely with the vendor to collect evidence surrounding the event. To ensure safety, the Offers & Deals platform has been rebuilt and further secured. The sub-domain generates only advertising content and does not contain any customer information. As a trusted source of news and information, The Times takes matters of internet security very seriously and are pleased to report that there is no malware currently detectable on Offers & Deals.”









Spotlight

Biggest ever cyber security exercise in Europe is underway

Posted on 30 October 2014.  |  More than 200 organisations and 400 cyber-security professionals from 29 European countries are testing their readiness to counter cyber-attacks in a day-long simulation, organised by the European Network and Information Security Agency (ENISA).


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Oct 30th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //