FireEye, a security company that is all the rage these days for selling products based on sandboxing technology, had its careers site serving up malware thanks to a poorly maintained video player:
An attack on a popular open source video player resulted in nearly 200 detected infections, including successfully infiltrating the careers website at security firm FireEye this weekend, according to security researchers there who investigated the incident.
FireEye said nearly 50 visitors to its careers webpage detected the attack, which was served up by a third-party advertiser. The attackers used the Darkleech attack toolkit to serve up the Reveton ransomware, a financially motivated campaign designed to steal account credentials and other data, said Darien Kindlund, manager of threat intelligence at FireEye.
“Our internal security, IT operations team, and third-party partners quickly researched and discovered that the malicious code was not hosted directly on any FireEye web infrastructure, but rather, it was hosted on a third-party advertiser (aka “malvertisement”) that was linked via one of our third-party web services,” Kindlund wrote in an analysis of the attack. “The team then responded and immediately removed links to the malicious code in conjunction with our partners in order to protect our website users.”
The company later acknowledged the attack on its own blog, and provided some minor details about how the exploit functioned.
(disclaimer: I work for McAfee, a FireEye competitor)