If you’re in the market for toys and games for your kids, you might want to avoid the Hasbro website.
That’s the warning that’s been issued by security researchers at Barracuda Labs who claim that the toy retailer’s website has been infected with malware *four* times this year already.
In a blog post, Barracuda analyst Paul Royal has shared details of how the Hasbro website has been pushing malware onto visiting computers.
Via a sequence of obfuscated JavaScript and redirects, visitors to the Hasbro website have been taken to malicious webpages hosting drive-by code which exploits vulnerabilities in Java to silently infect customers’ computers.
According to Barracuda, it saw the latest infection on Hasbro’s website on Monday January 20th, but also found infections on January 14th, 11th, and 10th.
And, in Barracuda’s opinion, that means it’s not safe to visit the site until the company has confirmed that it has resolved the issue:
> Given the frequency with which Hasbro’s website has recently served drive-by downloads, Barracuda Labs recommends that users refrain from visiting the site until its operators have confirmed it is again safe.
Clearly there has been a serious problem with the security of the Hasbro website. One has to hope that they have finally got a handle on the problem, and shut down any security holes that have so far made it too easy for hackers to plant their malicious code.
And, don’t forget, this is yet another reminder that unless you *really* need it, you should probably disable Java in your web browser. If you don’t use Java, you can’t be caught out by a Java exploit.