A week ago (on Monday, January 20), as well as on January 14, 11, and 10, Hasbro’s website pushed malicious software to visitors’ computers. As with the Cracked.com compromise a week prior, the incident was the result of direct site compromise, and affected users were unlikely to have recognized that their computers were infected. For reference, below is a screenshot of Barracuda Labs’ malicious URL detection environment after a successful attack.
...Upon successful exploitation, a payload is installed that is not well detected (both Symantec and Trend flag the malicious executable as benign).
Given the frequency with which Hasbro’s website has recently served drive-by downloads, Barracuda Labs recommends that users refrain from visiting the site until its operators have confirmed it is again safe.
Sunday, February 02, 2014
Warning: Hasbro.com Pushing Malicious Software
According to Barracuda Labs, you might want to avoid Hasbro.com for the next week or so as it seems the site is pushing malicious software (viruses, malware). I have no idea if Hasbro is aware of the problem and working on it. Considering companies in general loathe to acknowledge bad news of any kind, it may be hard to tell when the site will be safe again. So until they get up to speed and fix the problem, its just safer to not visit the website. This could be a larger problem than normal since Transformers: Age of Extinction teaser trailer is coming tonight and that may drive traffic to their site. No mention is made if their online store, HasbroToyShop.com but might be best to avoid any Hasbro site until they do a security sweep of their site servers. More details at the article, highlights below. Thanks to Wynton R. for the link.