Popular Science was serving up malicious code on its website earlier this week, according to new research from Websense.
A malicious iFrame redirected users to websites serving up the Rig Exploit Kit, which resulted in a malicious executable being dropped on their system. The exploit kit used the CVE-2013-7331 XMLDOM ActiveX control vulnerability to make the target system list all its installed antivirus software.
If the system didn’t have specific antivirus software installed, then the exploit kit continued to scan installed plug-ins and versions, including Flash, Silverlight, and Java. If a plug-in was vulnerable, it launched the appropriate exploit.
Websense reported the attack to the monthly magazine but as of early Wednesday afternoon the IT team hadn’t replied, although the malicious code is no longer on the site.
The U.S. and U.K. are impacted most by this kind of attack.