AskMen.com, a popular website with millions of monthly visitors, was redirecting visitors to other domains that delivered the Caphaw malware, according to security vendor WebSense.
The website, which is published by Ziff Davis, has been notified, but WebSense has not received an acknowledgment, wrote researcher Abel Toro on a company blog. AskMen.com could not immediately be reached for comment.
It’s a common tactic for hackers to compromise legitimate high-traffic websites, causing visitors to be redirected to other domains that have been engineered to run an automated attack looking for software vulnerabilities.
“An attack of this scale can potentially infect tens of thousands of unsuspecting users due to the nature of the attack and the high popularity of the website,” Toro wrote.
A new attack domain is generated every day, as such malicious URLs are usually blacklisted after a short time by security companies. That domain calculation is predictable, however, which allowed WebSense to calculate future domains that will be used, Toro wrote.
Those malicious domains are likely hosting the “Nuclear Pack” exploit kit, which is an attack tool that hunts for software vulnerabilities. In the AskMen.com attack, the Nuclear Pack tries exploits for either outdated Java or Adobe Systems’ Reader software, Toro wrote.
If the attack is successful, a malicious software called “Caphaw” is installed, which has complete control over the computer, Toro wrote.