Establishing Digital Trust: Don't Sacrifice Security for Convenience
Malwarebytes researchers recently discovered that toy company Hasbro's official Web site was pushing malware to visitors on January 10, 11, 14 and 20, 2014.
"As with the Cracked.com compromise a week prior, the incident was the result of direct site compromise, and affected users were unlikely to have recognized that their computers were infected," Malwarebytes researcher Paul Royal wrote in a blog post detailing the compromise.
Following a series of redirects, a malicious payload was installed on Hasbro.com visitors' computers -- according to VirusTotal, anti-virus solutions from Kaspersky, Microsoft and Trend Micro currently fail to detect the payload as malicious.
"Given the frequency with which Hasbro’s website has recently served drive-by downloads, Barracuda Labs recommends that users refrain from visiting the site until its operators have confirmed it is again safe," Royal wrote.