We recently encountered a website of a major Japanese book publisher and distributor, of books, magazines, comics, movies, and games, injected with a malicious iframe leading to another website hosting an exploit kit.
As far as we know, at least three files on the book publisher’s site were compromised.
Figure 1. Malicious iframe found on publisher’s site
The malicious iframe was present across multiple pages including the homepage. Our telemetry shows the first potential victim visited the site at approximately 22:00 PST on January 5, 2014 (15:00 JST on January 6, 2014). The security issue was not fixed until late on January 8, PST (in the evening of January 9, 2014 JST).
The malicious iframe loads another website, hosting an exploit kit, as soon as a user visits the book publisher’s site. The exploit kit...