Skip to content ↓ | Skip to navigation ↓

Researchers have issued a warning to avoid the Hasbro.com website because of a series of malware infections that result in users being redirected to a malicious website.

“A week ago (on Monday, January 20), as well as on January 14, 11, and 10, Hasbro’s website pushed malicious software to visitors’ computers. As with the Cracked.com compromise a week prior, the incident was the result of direct site compromise, and affected users were unlikely to have recognized that their computers were infected,” wrote Barracuda Lab’s Paul Royal.

The attack employs several instances of obfuscated JavaScript and malicious redirects that would be difficult for the average user to detect, driving the traffic to malicious websites that serve up drive-by exploit code which that targets vulnerabilities in Java.

“Given the frequency with which Hasbro’s website has recently served drive-by downloads, Barracuda Labs recommends that users refrain from visiting the site until its operators have confirmed it is again safe,” Royal said.

“An archive containing packet capture (PCAP) files that show the sequence of events for drive-by downloads originating from Hasbro.com for January 20, 14, 11, and 10 can be downloaded here.”