Hasbro.com, the corporate portal of a company known for toys and games, including brands such as Star Wars, Transformers, and My Little Pony, has been compromised. The site also hosts content for younger children.
Researchers at Barracuda Labs have discovered drive-by attacks originating from Hasbro, which started earlier this month. Snapshots of the malicious activity show payload deliveries on January 10th, 11th, 14th, and 20th, and the researchers note that the campaign is ongoing. The attack uses HTTPS to obfuscate the redirection, which makes it hard for desktop security offerings to detect and leaves the user unaware of what is happening.
Once the redirection is complete, the user is served various payloads that target Java, delivering several exploits on the off chance that the visitor is vulnerable. From there, the attackers leverage a successful Java exploit to deliver malware. During testing, Barracuda Labs found that detection rates on the initial payload targeting Java are low, with Symantec and Trend Micro reporting that the files are harmless.
In a statement, Barracuda Labs advises the public to avoid the site:
"Given the frequency with which Hasbro’s website has recently served drive-by downloads, Barracuda Labs recommends that users refrain from visiting the site until its operators have confirmed it is safe again."
For those wishing to research further, Barracuda Labs has released PCAP files showing the attack sequence.
In related news, Cracked.com was compromised again earlier this month, serving visitors malicious software that targets their browsers and plug-ins. The comedy portal was first compromised in November, not long after PHP.net was hit by a similar attack.