Popular Singapore Bookstore Website Compromised

Date:06.05.2009

Threat Type: Malicious Web Site / Malicious Code

Websense Security Labs™ ThreatSeeker™ Network has discovered that the home page of Popular Bookstore in Singapore has been compromised, and is infecting site visitors with malicious code.

Popular Bookstore Web site:

The homepage at  hxxp://www.pop[removed].com.sg has been injected with malicious code. Normally this page would just redirect users to hxxps://www.pop[removed].com.sg/jsp/index.jsp (where the main site operates), but malicious obfuscated code has been injected into that page.

Screenshot of the malicious injected code:

Popular Bookstore is an integrated business company comprising publishing, distribution, bookstore operations, and franchising. The Web site is very reputable and popular in Singapore.

We have been monitoring this attack because earlier, the obfuscated code resulted in an Iframe leading to the exploit site at karlast.com. Currently, the Iframe has changed and redirects users to the exploit site at suptullog.com.

[UPDATE] at the time of publishing this alert the exploit site is down. We have notified Popular about the infection.

Websense® Messaging and Websense Web Security customers are protected against this attack.

•  Subscribe to this feed »