Get married – get infected

Planning for a weddings can be a stressful time with so many things to organize: the dress, the food, the venue and of course the groom 🙂

Looking at data reported back to SophosLabs from one of our customer’s WS1000, we saw a hotel website infected with Troj/Pintadd-A. Specifically, we saw pages referencing the hotel’s wedding facilities infected (compromised to contain a malicious script).

Wedding SIte

SophosLabs have tried contacting the site owner, but are yet to get a response. At the time of writing, the wedding page is no longer serving up the malicious script, but the root of the domain does!

Looking at the page source:

Hex source

You will notice that the malicious script is appended after the end of the legitimate HTML code.

Brides to be not only need something borrowed and something blue. They also need content filtering and anti-virus, or at least to practice safe hex or abstinence before marriage…