New "feature" coming to hechtmail soon!

Out-of-date Web app on Maisto.com causes site to attack its visitors. (SOUND FAMILIAR? IT SHOULD!)

The website belonging to Maisto International, a popular maker of remote-controlled toy vehicles, has been caught pushing ransomware that holds visitors' files hostage until they pay a hefty fee.

The website infection bears similarities to an attack targeting sites running Microsoft's IIS Web server platform that Palo Alto Networks disclosed last month.

The attacks come a month after advertisements delivered on some of the Internet's most visited websites were found delivering Angler exploits pushing ransomware. These regularly occurring attacks are a potent reminder that people can be infected even when they visit websites they know and trust.

Malicious files provided by the Angler exploit kit were hosted directly on the homepage of Maisto[.]com, according to antivirus provider Malwarebytes. The attack code exploits vulnerabilities in older versions of applications such as Adobe Flash, Oracle Java, Silverlight, and Internet Explorer. People who visit Maisto[.]com with machines that haven't received the latest updates are surreptitiously infected with the CryptXXX ransomware.

http://arstechnica.com/security/2016/04/toymakers-website-pushes-ransomw...