Website of Popular Science Magazine Spiked with Malware

Attackers apparently have embedded rogue computer commands in the widely-read website so that visitors are redirected to an outside domain containing malicious software.

Websense Security Lab, which discovered the compromise, says it has informed Popular Science of the hack.

“The website has been injected with a malicious iFrame, which automatically redirects the user to the popular RIG Exploit Kit,” Websense researchers wrote in a report. “The exploit kit launches various exploits against the victim which – if successful – will result in a malicious executable dropped on the user’s system.”

Most redirection attacks shuttle users through a series of domains before plopping them down on the webpage that contains the malware. But this campaign routes users directly to the infection.

In this case, the nasty site exploits a Microsoft ActiveX bug from 2013 in order to determine what if any antivirus product the victim’s machine is running.

“If the user doesn’t have any of the checked AVs installed, then the exploit kit proceeds to evaluate the installed plug-ins and their versions, in particular Flash, Silverlight, and Java,” according to Websense. “If a vulnerable plug-in is found, the appropriate exploit is launched.”

Fourteen percent of all infections identified so far are in the United States.