HackDig : Dig high-quality web security articles for hacker

jQuery.com compromised to serve malware via drive-by download

2014-09-23 13:30
jQuery.com, the official website of the popular cross-platform JavaScript library of the same name, had been compromised and had been redirecting visitors to a website hosting the RIG exploit kit and, ultimately, delivering information-stealing malware.

While any website compromise is dangerous for users, this one is particularly disconcerting because of the demographic of its users, says James Pleger, Director of Research at RiskIQ.

"The jQuery library is a very popular toolkit for developing websites with dynamic content and is widely used by developers within enterprises. jQuery users are generally IT Systems Administrators and Web Developers, including a large contingent who work within enterprises," he pointed out.

"Typically, these individuals have privileged access to web properties, backend systems and other critical infrastructure. Planting malware capable of stealing credentials on devices owned by privilege accounts holders inside companies could allow attackers to silently compromise enterprise systems, similar to what happened in the infamous Target breach."

The attack was first detected on September 18, and given that the malicious redirector was hosted on a domain that was registered on the same day, it's more than likely that that was the day when the attack actually started.

RiskIQ researchers have immediately notified the jQuery Foundation about the compromise, and the site's administrators have removed the malicious script. The bad news is that they still don't know how the compromised happened, so it just might happen again.

Users who have visited the site on or around September 18 are advised to check whether they have been compromised by the malware. The researchers recommend immediately re-imaging of the system, resetting passwords for user accounts that have been used on it, and checking whether suspicious activity has originated from it (data exfiltration, etc.).

The only good news in all of this is that there is no indication that the jQuery library was affected.





Source: php.swen_erawlam/wzgERb_CzLC/3~/ytiruceSteNpleH/r~/moc.elgoog.yxorpdeef

Read:1431 | Comments:0 | Tags:No Tag

“jQuery.com compromised to serve malware via drive-by download”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud