Latest Victim Of An Exploit Kit - Lenovo, India
Update 05/04/11 @ 7.49pm IST: Thanks to feedback from an Anonymous blog poster, I've done some further investigation and this attack actually appears to be tied to the Incognito Exploit kit as opposed to the Blackhole Exploit kit.
Back in February, I posted a blog about the rising prevalence of attacks involving Blackhole exploit kits. We received numerous comments and emails about the same threat being found on various websites from our blog readers. The toolkit has been linked to from numerous compromised websites, which in turn have victimized a number of their visitors.
Attackers are injecting malicious iframes into the legitimate sites, which in turn redirect to malicious websites hosting the Incognito exploit kit. We have observed and identified such compromised sites due to Zscaler’s advanced security features in our solution. The latest victim is Lenovo, India, whose website for product warranties, http://www.lenovowarranty.co.in/, has been compromised, redirecting visitors silently to the Incognito exploit kit. Here is the screenshot of the home page of the compromised Lenovo site:
One of the pages on the site, http://www.lenovowarranty.co.in/regspacks2.asp, is infected with a malicious iframe. Here is the screenshot of that page:
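A site owner can check pages for the kind of injected iframe described above. The following is an added example, not part of the original post or any Zscaler tooling: it lists iframes that load from a host other than the page's own and are not on an allowlist, and marks those that are also invisible to the visitor. The post does not show the injected markup, so the hiding heuristics, the function names and the sample HTML are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Heuristic inline-style patterns that hide a frame from the visitor (assumed, not from the post).
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden"
    r"|(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)"
    r"|(?:left|top)\s*:\s*-\d{3,}", re.I)

class IframeAuditor(HTMLParser):
    """Collects iframes whose src resolves to a host outside the page and the allowlist."""
    def __init__(self, page_url, allowed_hosts=()):
        super().__init__()
        self.page_url = page_url
        self.trusted = {urlparse(page_url).hostname, *allowed_hosts}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":          # HTMLParser lowercases tag and attribute names
            return
        a = {k: (v or "") for k, v in attrs}
        src = urljoin(self.page_url, a.get("src", "").strip())  # resolves relative and // URLs
        host = urlparse(src).hostname
        if not host or host in self.trusted:
            return
        tiny = any(a.get(d, "").strip() in ("0", "1") for d in ("width", "height"))
        hidden = tiny or "hidden" in a or bool(HIDDEN_STYLE.search(a.get("style", "")))
        self.findings.append({"src": src, "host": host, "hidden": hidden})

def audit(page_url, html, allowed_hosts=()):
    """Return off-site iframes found in html; 'hidden' marks the ones a visitor cannot see."""
    parser = IframeAuditor(page_url, allowed_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page: one same-site frame, one visible embed, two hidden off-site frames.
SAMPLE = """<html><body>
<iframe src="/promo/banner.html" width="300" height="100"></iframe>
<iframe src="http://video.example.net/embed/1" width="560" height="315"></iframe>
<iframe src="http://kit.example.org/in.php" width="1" height="1" frameborder="0"></iframe>
<IFRAME SRC="//cdn.example.org/x" style="visibility: hidden"></IFRAME>
</body></html>"""

if __name__ == "__main__":
    for f in audit("http://site.example.com/page.asp", SAMPLE, {"video.example.net"}):
        print(("HIDDEN " if f["hidden"] else "visible"), f["src"])
```

Run against a crawl of your own pages, any hidden off-site frame that nobody on the team added is a strong signal that the page source has been modified.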