Sponsored by..

Tuesday, 16 July 2013

msi.com hacked with kristians1.net

The website of msi.com (a major computer manufacturer) has been hacked and is serving up malware, despite MSI being informed of the problem. Injected code pointing to the domain kristians1.net (, ServeTheWorld AS Norway) has been injected into the site and is serving up an exploit kit (report here).

This is not the only time msi.com has been hacked. Most significantly, they recently had 50,000 accounts leaked and their site defaced. Zone H also reports several recent defacements and Google reports that part of the site has been listed as containing malware 4 times over the past 90 days.

What is the current listing status for msi.com?
This site is not currently listed as suspicious.
Part of this site was listed for suspicious activity 4 time(s) over the past 90 days.
What happened when Google visited this site?
Of the 2470 pages we tested on the site over the past 90 days, 16 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2013-07-15, and the last time suspicious content was found on this site was on 2013-06-16.Malicious software includes 23 exploit(s), 2 trojan(s). Successful infection resulted in an average of 1 new process(es) on the target machine.
Malicious software is hosted on 5 domain(s), including abdelmonem.net/, oportunidadesdesdesucasa.com/, jobsreal.biz/.
1 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including for-test-only.ru/.
This site was hosted on 10 network(s) including AS12859 (NL), AS26228 (SERVEPATH), AS8220 (COLT).
Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, msi.com appeared to function as an intermediary for the infection of 1 site(s) including 2k11.co.za/.

You really do have to question the competency of a company when it has this many hacks and breaches, especially when they make computers. How deeply do these breaches go?

No comments: