Slashdot Mirror

← Back to Stories (view on slashdot.org)

jQuery.com Compromised To Serve Malware

Posted by timothy on Tuesday September 23, 2014 @04:01AM from the send-you-this-query-to-have-your-advice dept.

An anonymous reader writes jQuery.com, the official website of the popular cross-platform JavaScript library of the same name, had been compromised and had been redirecting visitors to a website hosting the RIG exploit kit and, ultimately, delivering information-stealing malware. While any website compromise is dangerous for users, this one is particularly disconcerting because of the demographic of its users, says James Pleger, Director of Research at RiskIQ.

1 of 103 comments (clear)

Min score:

Reason:

Sort:

Re:They will never learn by _xeno_ · 2014-09-23 04:16 · Score: 5, Informative

According to the article, the library itself wasn't affected.
Plus most people don't use jQuery.com as a CDN. Instead jQuery recommends you use Google's CDN if you want to use a CDN for jQuery.
Of course, this is still bad - I visit jQuery.com fairly frequently to check the documentation. The article doesn't say what was required for the malware to run so I have no idea if I was vulnerable to it or not, but if it was dropped on all pages and not just the home page, I definitely could have been hit by it.

--
You are in a maze of twisty little relative jumps, all alike.