Scorecardresearch.com hacked?

There has been reports on twitter about websites being redirected to forex-prices.com and this included my sister so I decided to investigate.First I checked the usual candidates, DNS resolved ok, there was no proxy, and Sophos malware scan turned up nothing. I then noticed that the redirect happens after the page has been fully loaded.

I then installed the noscript plugin and started enabling javascript on one site at a time, it turns out that after I enabled scorecardresearch.com the symptoms started. Upon closer inspection, the problem lies with http://b.scorecardresearch.com/beacon.js of which which you can see the paste here. The content of this file is significantly different from http://b.scorecardresearch.com/beacon.js and contains hex code at the bottom which has the characteristic of an exploit.

One way to stop this is to use Firefox with the noscript extension.

Credit to @sajal for helping to debug this issue.

Update: As of September 25 2013 18.25 this issue seems to be resolved.

Share

Copyright © 2013. All Rights Reserved.

Leave a Reply

Your email address will not be published. Required fields are marked *