by w-ll 1430 days ago
This site just tried to fake a Chrome update for me. Serving up malware.

Viewing source, their WordPress for sure has been hacked.

Obfuscated JS at the bottom of every static JS file. Must be something random that it targeted me. Can't seem to make it trigger again.

6 comments
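
The post above reports the same obfuscated JS at the bottom of every static JS file. As an added example (not from the thread or the affected site), here is one site-side check for that pattern: flag unrelated scripts that end in an identical block. The file names, the stand-in tail and the 40-character threshold are constructed assumptions.

```python
"""Flag an identical block appended to the end of otherwise unrelated JS files."""
from collections import defaultdict
from functools import reduce

MIN_TAIL = 40  # assumed threshold (chars); tune it for the site being checked

def common_suffix(a, b):
    """Longest string that both a and b end with."""
    n, limit = 0, min(len(a), len(b))
    while n < limit and a[-1 - n] == b[-1 - n]:
        n += 1
    return a[len(a) - n:]

def shared_tails(files, min_len=MIN_TAIL):
    """files: {path: source}. Returns [(paths, shared_trailing_block), ...]."""
    bodies = {name: text.rstrip() for name, text in files.items()}
    by_tail = defaultdict(list)
    for name, body in bodies.items():
        if len(body) >= min_len:
            by_tail[body[-min_len:]].append(name)  # fingerprint = last min_len chars
    findings = []
    for names in by_tail.values():
        if len(names) < 2:
            continue
        block = reduce(common_suffix, (bodies[n] for n in names))
        # Byte-identical files are duplicate copies of one script, not an appended tail.
        if all(bodies[n] == block for n in names):
            continue
        findings.append((sorted(names), block))
    return findings

# Constructed sample data: a harmless stand-in for the appended block.
INJECTED = ";(function(){var _0x=['constructed','placeholder','tail'];/* stand-in */})();"
SAMPLE = {
    "js/menu.js": "function openMenu(el){el.classList.add('open');}\n" + INJECTED + "\n",
    "js/slider.js": "var slider={index:0,next:function(){this.index++;}};\n" + INJECTED,
    "js/clean.js": "function noop(){}\n",
    "js/form.js": "document.forms[0].addEventListener('submit',function(e){validate(e);});\n",
}

if __name__ == "__main__":
    for paths, block in shared_tails(SAMPLE):
        print(f"{len(paths)} files share a {len(block)}-char tail: {paths}")
        print("  ", block.strip()[:60], "...")
```

To run it against a real docroot, build the `files` dict from the `.js` files on disk; a shared tail is a lead to diff against the upstream release of each script, not proof of compromise on its own.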

Here as well. I loaded the site again and it works fine on a second try.

I use Firefox and it automatically downloaded a .zip file and showed a page with instructions to update Firefox for 'better user experience'.

It's downloading a zipped JScript file, still trying to figure out what it does. It looks like they took an unmodified copy of a normal JS library and wrapped it in a try/catch block so when it errors from not being in the right environment the "error reporter" kicks in and evals some JS it downloads from 582e.call.pgee.org (which appears to be non-functional).

Hey Easrng, how did you reproduce? Which environment triggers the "error reporter"?

I just dropped a message to the CEO via LinkedIn, hope they can check on it. Didn't pop up for me, either adblock or just being enabled for a sample of the visitors.

Same thing just happened to me, hope no one falls for it.

Is anybody able to indicate what the obfuscated JS is exactly on the bottom of each page? Or how to reproduce the error?

Works fine for me on 20/07

Woot, thanks.