AskMen denies trojan injection claim

AskMen has denied that its website was silently redirecting readers to malware downloads, following a claim from Websense Security Labs.

The malicious code was said to have been injected onto the main version of the lifestyle website, having been "obfuscated" and hidden at the bottom of legitimate JavaScript on the site.

Once the redirect took place a Caphaw trojan was downloaded to the victim’s computer, allowing hackers to access files, redirect internet traffic and use the machine in denial-of-service attacks, according to Websense.

Abel Toro, researcher at Websense, said: "As we can see, even very popular websites are not immune to malicious code injection attacks."

He said that the infection may have spread to thousands of unknowing readers browsing the site, which was visited by 11.6 million people during May.

Sophie Laplante, audience development manager at AskMen, said: "We’ve done a thorough investigation and there is no evidence of any malware.

"We take security issues very seriously and we have multiple measures in place to protect our users. We’re also in contact with the vendor who purported to see evidence of an attack."

In a blog post Websense outlined the attack in detail, posting images of the allegedly malicious code and the page on which the exploit was said to take place.

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

Sign up for our regular news round-up!

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

I would also like to subscribe to:

Thank you for subscribing