A websites belong to Wagamama -Japanese restaurant and noodle bar- has been hacked and injected with a piece of malicious code , also known as a RunForestRun attack.
According to websense report, the RunForestRun attack exploits vulnerability in Parallels Plesk to obtain user account credentials, then compromised accounts are used to modify JavaScript files.
The javascript file "global.js" hosted in goeast.wagamama.com found to be injected with obfuscated script. The code was surrounded surrounded by a comments "/*km0ae9gr6m*/ "
![runforestrun]()
The obfuscated script creates an iframe with pseudo-random generated URLs. In the end, the generated url will lead the user to a well-known Blackhole Exploit Kit.
At the time of writing, we are not able to reach the goeast.wagamama.com.
According to websense report, the RunForestRun attack exploits vulnerability in Parallels Plesk to obtain user account credentials, then compromised accounts are used to modify JavaScript files.
The javascript file "global.js" hosted in goeast.wagamama.com found to be injected with obfuscated script. The code was surrounded surrounded by a comments "/*km0ae9gr6m*/ "
The obfuscated script creates an iframe with pseudo-random generated URLs. In the end, the generated url will lead the user to a well-known Blackhole Exploit Kit.
At the time of writing, we are not able to reach the goeast.wagamama.com.
