As News reported late Wednesday night, a division of Equifax’s website was redirecting guests to a page that was passing fraudulent Adobe Flash updates. When clicked, the files affected visitors’ machines with adware that was recognized by only three of 65 antivirus providers. On Thursday afternoon, Equifax executives said the mishap was the result of a third-party service Equifax was using to get website-performance data and that the “vendor’s code working on an Equifax website was accepting malicious content.” Equifax originally shut down the affected portion of its site, but the organization has since restored it after eliminating the malicious content.
Now, Malwarebytes security researcher Jérôme Segura says he was capable to repeatedly generate a similar chain of fraudulent redirects when he showed his browser to thesite. On some events, the final link in the chain would push a fake Flash update. In other examples, it delivered an exploit kit that decided to infect computers with unpatched browsers or browser plugins. The attack series remained active at the time this post was going live.
“TransUnion is aware that our Central America website was briefly redirecting users to download malicious software. The issue has happened to be fixed and we are browsing our other websites. TransUnion has not known any unauthorized access to its systems as a result of this issue.”