jQuery.com Compromised To Serve Malware
An anonymous reader writes: jQuery.com, the official website of the popular cross-platform JavaScript library of the same name, had been compromised and had been redirecting visitors to a website hosting the RIG exploit kit and, ultimately, delivering information-stealing malware. While any website compromise is dangerous for users, this one is particularly disconcerting because of the demographic of its users, says James Pleger, Director of Research at RiskIQ.
People get upset when you call them incompetent for sourcing stuff out to foreign CDNs, but stuff like this happens all the time. It's not safe to pull stuff in from other sites for reasons which are obvious to anyone competent.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
This is going to be a large one. Many small to medium websites use their CDN for hosting jQuery rather than pulling it down and hosting it themselves. Kinda feel a little better about hosting it myself now.