A website for the rubber goods brand Dunlop was compromised to distribute CryptXXX ransomware to customers viewing a slideshow of DIY projects featuring its product line, according to endpoint security software firm Invincea.
In a blog post published today, Invincea reports that the website www.dunlopdiy.com has been using a vulnerable slideshow plugin that cybercriminals exploited in order to redirect visitors to an alternate site hosting the Neutrino Exploit Kit. Neutrino then scans for security software – if none is found, the report continues, the “command shell is opened and the Windows utility of Wscript is accessed to download the ransomware payload from a command and control server.” Dunlop has been informed of the attack.
Invincea posits that the original compromise is likely the work of a botnet, such as SoakSoak, that scans websites for vulnerable software and launches automated attacks.
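The delivery step Invincea describes, a command shell opening and Wscript fetching the payload, leaves a process chain that endpoint process-creation logs can expose. The detection logic below is an added example, not taken from Invincea's report: the event fields, the browser list and the sample events are constructed, and it assumes the shell is started from the browser process.

```python
import ntpath

BROWSERS = {"iexplore.exe", "chrome.exe", "firefox.exe", "msedge.exe"}  # assumed list
SHELLS = {"cmd.exe"}
SCRIPT_HOSTS = {"wscript.exe"}

# Constructed process-creation events (pid, parent pid, image path).
EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Program Files\Internet Explorer\iexplore.exe"},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe"},
    {"pid": 400, "ppid": 300, "image": r"C:\Windows\System32\wscript.exe"},
    # Benign look-alike: a user starts a script from a shell opened on the desktop.
    {"pid": 500, "ppid": 100, "image": r"C:\Windows\System32\cmd.exe"},
    {"pid": 600, "ppid": 500, "image": r"C:\Windows\System32\WScript.exe"},
]

def _name(image):
    """Lower-cased file name of a Windows image path."""
    return ntpath.basename(image).lower()

def ancestry(pid, by_pid):
    """Image names from pid up to the root; stops on a missing parent or a loop."""
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        chain.append(_name(by_pid[pid]["image"]))
        pid = by_pid[pid]["ppid"]
    return chain

def find_suspicious_wscript(events):
    """Flag wscript.exe whose ancestors include a shell that descends from a browser."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        if _name(e["image"]) not in SCRIPT_HOSTS:
            continue
        chain = ancestry(e["pid"], by_pid)  # chain[0] is the script host itself
        shell_idx = next((i for i, n in enumerate(chain[1:], 1) if n in SHELLS), None)
        if shell_idx is not None and any(n in BROWSERS for n in chain[shell_idx + 1:]):
            hits.append((e["pid"], " <- ".join(chain)))
    return hits

if __name__ == "__main__":
    for pid, chain in find_suspicious_wscript(EVENTS):
        print(f"ALERT pid={pid}: {chain}")
```

On a live system PIDs are reused, so a production rule would key the lookup on a unique process identifier from the logging agent rather than the bare PID.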