Wagamama serves up malware from outdated site

Hackers have exploited a vulnerability in the Plesk content management system to upload malware to a website owned by the Wagamama restaurant chain.

The 'RunForestRun' attack targeted Plesk, leading users to the Blackhole Exploit kit. This allowed attackers to grab user account credentials and inject obfuscated script into JavaScript files.

According to Websense researchers, on execution the script decoded into an iframe with randomly generated URLs that pointed visitors to Blackhole.

It was not known whether the targeted Plesk flaw was a result of the zero-day vulnerability revealed in July, which may have resulted in the infection of 50,000 websites.

The affected, outdated subdomain site was down at the time of writing. It had hosted a 2009 competition between Wagamama and STA Travel, and had remained active and unpatched for years.

Websense Australia and New Zealand country manager Gerry Tucker said that administrators should remove expired sites because they are a threat vector, as 82 per cent of malware was found on compromised hosts.

Tucker said: “These sites are prime targets for malware guys. In reducing risks, they should maintain assets properly and then take them offline. At the same time, the right infrastructure and controls are important to prevent the compromise of sites [and] to protect visitors from being exposed.”