Spin.com Was Dropping Malware for a Bit

Hackers reprogrammed the heavily trafficked music magazine’s website with crooked code to direct visitors to a malware-laced webpage.

Symantec spotted the suspicious activity, and as of Nov. 4 all was back to normal on the site.

But the damage has been done already.

“The number of potential victims could grow substantially depending on the length of time the website was redirecting visitors to the EK prior to our discovery,” according to Symantec.

The operation mainly affected Internet users in the United States.

The page visitors landed on contained malware called the “Rig exploit kit.” The nasty program looks for holes in Microsoft Internet Explorer, Java, Adobe Flash and Silverlight on visitors’ machines. To avoid setting off alarms, Rig holds off on dropping any exploits into the holes if it detects certain security files.

If the coast is clear, it attempts to slip information-stealing software through the vulnerabilities.

This all started when, somehow, hackers embedded a rogue iFrame, an HTML element that loads another webpage inside the page being viewed, into Spin.com.