The exploit kit is used to push three pieces of malware onto computers

Jul 9, 2013 13:08 GMT

In late June, Symantec researchers noticed that cybercriminals had hacked the Segway site and abused it in a RedKit exploit kit attack. Segway has been notified of the attack and has taken some steps to address the issue.

According to experts, the attackers injected malicious JavaScript code into a jQuery script. The code in question decodes to a malicious iframe which redirects victims to a RedKit landing page.

This landing page is designed to load the Java Network Launch Protocol (JNLP), which deploys malicious .JAR files onto the targeted computer.

The .JAR files attempt to exploit a Java vulnerability to download an encrypted payload.

Three pieces of malware are dropped: Waledac, ZeroAccess and Ponik.

For a technical analysis of this RedKit attack, check out Symantec’s blog.