Just For Men website serves malware | Advanced Mobile Spy Software
The website for Just For Men, a company that sells various products for men as its name implies, was serving malware to its visitors. Our automated systems detected the drive-by download attack pushing the RIG exploit kit, eventually distributing a password-stealing Trojan.

In this particular attack chain we can see that the homepage of justformen[.]com has been injected with obfuscated code. The injected code belongs to the EITest campaign, and this gate is used to perform the redirection to the exploit kit. EITest is easy to recognize (although it has changed URL patterns) by its use of a Flash file in its redirection mechanism.

RIG EK has now overtaken Neutrino EK as the most commonly used and seen toolkit in the wild. Neutrino EK, which had been the contender for Angler's top spot, has been relatively quiet lately.

We replayed the attack in our lab as shown in the video below. For more details and a traffic capture, please scroll down to the technical section of this post.