AskMen malware attack may have exposed thousands

AskMen has confirmed it suffered a malware injection this week, potentially exposing thousands of readers to the Caphaw trojan.

The lifestyle website found no malware on its servers during an initial sweep on June 23 and publicly denied it had been attacked, but a check the next day revealed the site had been infected.

A spokesman from the firm said: "All viruses from the AskMen.com site have been eliminated and we’re keeping a sharp eye for similar threats going forward."

"We estimate that a very small percentage of our readers may have been exposed to the malware (approximately 0.1% of our readers)."

Security firm Websense alerted the company to the problem in a blog posted on their website, claiming that a malicious piece of JavaScript was redirecting visitors to a trojan download.

Caphaw, also called Shylock, gives hackers access to files, allows them to redirect internet traffic, and can rope machines into serving distributed-denial-of-service (DDoS) attacks on other computers and servers.

Abel Toro, researcher at Websense, said: "As we can see, even very popular websites are not immune to malicious code injection attacks."

Before AskMen’s confirmation of the attack he had predicted thousands might have been infected by the malware, with the website’s monthly visitors coming to 11.6 million during May.

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

Sign up for our regular news round-up!

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

I would also like to subscribe to:

Thank you for subscribing