A blog from hard disk drive manufacturer Seagate suffered a compromise that contains malicious iFrame injections that redirect users to websites hosting the Blackhole exploit kit, researchers said.
Even though Seagate spotted the compromise late last month, the company has still not reacted and cleaned the blog, said researchers at Sophos.
“I suspect that many webmasters fail to see the problem themselves and dismiss abuse reports as a result. Which is understandable, as reproducing the problem can certainly be tricky,” said Sophos’ Paul Baccas.
“It would seem that certain checks are done by the malicious Apache module, meaning that the malicious iFrame is only injected into outbound HTML/JS content when certain conditions are met.”