sending visitors to download malware, Websense says

Updated on June 24, 2014 at 4:50pm ET to reflect comments from

Hackers have compromised, a men’s interest website on dating, celebrity news, and health – and they could be infecting thousands of users with malware, according to security researchers at Websense Inc.

While Websense researchers are still investigating how this happened, the most likely scenario is that hackers were scanning for popular sites for vulnerabilities. After finding one on, they launched a cross-site scripting attack and injected malicious code into a number of places on the site, as well as on localized versions of it.

The malicious code would then redirect visitors to a place where they would download Caphaw, a type of malware that allows hackers to automatically steal banking credentials and other kinds of crucial personal data. It also could let them bridge themselves onto a victim’s network. The exploit works if the site visitor is using an outdated version of Java or Adobe Reader, and all of this happens in the background, meaning site visitors who aren’t equipped with antivirus might never realize their systems are infected.

And considering is an Alexa-rated site, garnering more than 10 million visits every month, this could be really risky for people heading over to that site, said Alex Watson, director of security research at Websense.

While he couldn’t give an estimate of the number of people who may have downloaded the malware, he estimated it was “in the thousands,” and added it would probably primarily affect site visitors based in Canada, the U.S., and the U.K.

“We saw a fair amount of traffic on Monday morning … and we blocked every incident we saw, but it would very difficult to judge globally,” Watson said. “I can’t comment on how successful this particular campaign would be.”

Websense researchers first noticed the code injections on on June 21, when their analytics picked up on some code obfuscation techniques on the site. They alerted’s host master early Monday morning, but they haven’t heard back yet, Watson said.

“We have a pre-established policy to reach out to a compromised site and give them a period of time before going public. But really, the largest risk at this point was to our customer base,” he said.

“So there’s an Alexa-rated website that’s serving malicious content to anyone that visited the site. So I think you’re weighing wanting to allow the company to handle their security issue with the risk to customers. We decided to go out and protect people who might be visiting their website.”

In the meantime, he recommended that businesses and website owners who want to protect themselves from the same fate need to ensure they have a strong web security solution, which protects the web gateway against inbound threats.

For its part, said it hasn’t noticed an attack.

“We’ve done a thorough investigation and there is no evidence of any malware. We take security issues very seriously and we have multiple measures in place to protect our users. We’re also in contact with the vendor who purported to see evidence of an attack,” a spokesperson for the company said via email.

A story on reported a spokesperson as saying the site had not received any messages from Websense, nor had its developers found any malware.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Candice So
Candice So
Candice is a graduate of Carleton University and has worked in several newsrooms as a freelance reporter and intern, including the Edmonton Journal, the Ottawa Citizen, the Globe and Mail, and the Windsor Star. Candice is a dog lover and a coffee drinker.

Featured Story

How the CTO can Maintain Cloud Momentum Across the Enterprise

Embracing cloud is easy for some individuals. But embedding widespread cloud adoption at the enterprise level is...

Related Tech News

Get ITBusiness Delivered

Our experienced team of journalists brings you engaging content targeted to IT professionals and line-of-business executives delivered directly to your inbox.

Featured Tech Jobs