Personal
< Personal
Products
Malwarebytes Premium >
Malwarebytes Privacy VPN >
Malwarebytes Identity Theft Protection >
Malwarebytes Browser Guard >
Malwarebytes for Teams/small offices >
AdwCleaner for Windows >

Find the right product
See our plans
Infected already?
Clean your device now
Solutions
Free antivirus >
Free virus scan & removal >
Windows antivirus >
Mac antivirus >
Android antivirus >
iOS security >
Chromebook antivirus >

See personal pricing
Manage your subscription
Visit our support page
Business
< Business
BUNDLES
Core
Prevent and remediate threats and identify vulnerabilities
Advanced
Utilize threat guidance and patch management plus everything in Core
Elite
Deploy Managed Detection and Response plus everything in Advanced
Ultimate
Protect against categories of malicious websites plus everything in Elite
TECHNOLOGY HIGHLIGHTS
Managed Detection & Response (MDR)
Deploy fully-managed threat monitoring, investigation, and remediation
Endpoint Detection & Response (EDR)
Prevent more attacks with security that catches what others miss
Security Advisor
Visualize and optimize your security posture in just minutes
For Education
Secure your students and institution against cyberattacks
Learn more about Security Advisor (available in every bundle) and see the full list of our products and services.
Full technology list >
Pricing

< Pricing

Personal pricing
Protect your personal devices and data
Small office/home office pricing
Protect your team’s devices and data
Business pricing
Explore our award-winning endpoint security products, from EP to EDR to MDR
Partners
< Partners
Explore Partnerships
Partner Solutions
Resellers
Managed Service Providers
Computer Repair
Technology Partners
Affiliate Partners
Contact Us
Resources
< Resources
Learn About Cybersecurity
Antivirus
Malware
Ransomware
Malwarebytes Labs – Blog
Glossary
Threat Center
Business Resources
Reviews
Analyst Reports
Case Studies
Press & News
Reports

The State of Malware 2023 Report

Read report
Support
< Support
Technical Support
Personal Support
Business Support
Premium Services
Forums
Vulnerability Disclosure
Report a False Positive
Featured Content
Activate Malwarebytes Privacy on Windows device.
See Content

Product Videos

A Look Behind The Skype Malvertising Campaign

Exploits and vulnerabilities | News | Threats

AskMen.com compromised again

Posted: July 18, 2014 by Jérôme Segura

Last month, security firm Websense reported that popular website AskMen.com was compromised to serve malicious code.

Today, our honeypot captured an attack coming from AskMen.com in what appears to have been malicious code injected in their server:

malicious_injection

This piece of code creates an iframe:

i_frame

That is what is used to do a redirection to a malicious site:

We can see a function that performs a rot13 to prepare the URL:

rot_13

This URL is a landing page for the Nuclear EK:

landing

Flash exploit: VT link
PDF exploit: VT link
Java exploit: VT link

Finally the following payload is dropped and executed:

7d1f6a2a767b32c7f8c2743464cba8bc. Malwarebytes Anti-Malware detects it as Trojan.Kelihos.

Here is the full traffic workflow:

hxxp://www.askmen.com/top_10/dating/top-10-white-rappers.html hxxp://static.isltest.net/pop2.php?acc=%BF%EFW%A1%D8pO%16%923%BF%BA%28%86%ED%C7%9CVK%88%DF%A2%F6c&nrk=7661155079 hxxp://870e992ddjffaz.topsamurai.co.vu/ hxxp://1806393499-6.topsamurai.co.vu/1405652160.swf hxxp://1806393499-6.topsamurai.co.vu/1405652160.pdf hxxp://1806393499-6.topsamurai.co.vu/1405652160.jar hxxp://1806393499-6.topsamurai.co.vu/f/1405652160/2 hxxp://1806393499-6.topsamurai.co.vu/f/1405652160/2/2

and Fiddler capture:

fiddler

Our free Malwarebytes Anti-Exploit blocked this threat:

blocked

We notified AskMen.com and they promptly replied that they were looking into the matter immediately.

If you are interested in the files / network captures, feel free to get in touch.

RELATED ARTICLES