Slashdot Mirror


jQuery.com Compromised To Serve Malware

An anonymous reader writes: jQuery.com, the official website of the popular cross-platform JavaScript library of the same name, had been compromised and had been redirecting visitors to a website hosting the RIG exploit kit and, ultimately, delivering information-stealing malware. While any website compromise is dangerous for users, this one is particularly disconcerting because of the demographic of its users, says James Pleger, Director of Research at RiskIQ.

5 of 103 comments

  1. The key piece of info that you need to know by Fnord666 · Score: 4, Informative
    The key piece of info that you need to know is this:

    The only good news in all of this is that there is no indication that the jQuery library was affected.

    --
    'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
  2. Re:They will never learn by _xeno_ · Score: 5, Informative

    According to the article, the library itself wasn't affected.

    Plus most people don't use jQuery.com as a CDN. Instead jQuery recommends you use Google's CDN if you want to use a CDN for jQuery.

    Of course, this is still bad - I visit jQuery.com fairly frequently to check the documentation. The article doesn't say what was required for the malware to run so I have no idea if I was vulnerable to it or not, but if it was dropped on all pages and not just the home page, I definitely could have been hit by it.

    --
    You are in a maze of twisty little relative jumps, all alike.
  3. Re:They will never learn by Dracos · Score: 4, Informative

    You're speaking of the wrong "they". jQuery.com runs WordPress: that's the incompetence. If I had a nickel for every WP-based exploit or compromise, I'd have about $50, and I'm pretty sure this is another one.

  4. Re:More reason for Requestpolicy by pjt33 · Score: 4, Informative

    If you're that worried about it, why don't you run a local mirror and point your hosts file at it?

  5. Re:They will never learn by Just Some Guy · Score: 3, Informative

    The purpose for parking JavaScript on a CDN is so that your visitors are likely to already have it in their cache. A million sites referring to the same URL is far more resource friendly than 10,000 sites hosting their own copy.

    --
    Dewey, what part of this looks like authorities should be involved?