SpeedTest.net, a free service that tests the performance of Broadband connections, was compromised and made to serve malware, according to security vendor Invincea.
The situation has since been cleaned up. Details and pictures can be found here on Invincea’s blog.
The exploit used a number of tactics and techniques to evade detection while exploiting the Java software plug-in, the company stated in a blog post. In addition, Invincea discovered this particular attack campaign utilized “the lesser-known” g01pack exploit kit, which is known to typically drive traffic to a landing page via malvertising where victims would be served with rogue antivirus.
The Java exploit puts this incident in line with other recent attacks targeting Java vulnerabilities, including high-profile incidents such as the ‘Red October’ cyber-espionage campaign publicized earlier this month by Kaspersky Lab. In response to criticism, Oracle recently pledged to do more outreach to the Java user community regarding security concerns.
The attack is another example of how hackers are utilizing legitimate sites to trap unsuspecting users.
In Cisco Systems’ 2013 Annual Security report, researchers found that online shopping sites are 21 times as likely—and search engines 27 times as likely—to serve malicious content as counterfeit software sites. Along the same lines, online advertisements are 182 times as likely to deliver malicious content as pornography sites.
The results of the report confirmed that “users aren’t stupid,” Mary Landesman, senior security researcher at Cisco, told SecurityWeek’s Fahmida Rashid.
There is an overwhelming perception that people get compromised for “going to dumb sites,” Landesman said. “The Web is extremely complex and people are making mistakes, she said.