Last week Trend Micro discovered something very disturbing for Latin American customers surfing to the Best Buy site.
Before they reached the page asking them to choose their language – Spanish or English – a subtle GEO-IP check happened. If they were from Latin America, they were redirected to another page. Trend Micro Threat Research Manager, Ivan Macalintal, said:
“If (the) requesting IP is from the Latin America Region (LAR), users are redirected to the ‘Choose English or Spanish’ page—and then bingo!”
This only happens to Latin American Region area users.
The redirect page is a Luckysploit-laden site, and the web exploit kit and other elements are very similar to Gumblar.
Although the redirect site has a Chinese suffix, it’s actually located in Germany and controlled from the Ukraine. It was registered on June 4 this year. Trend Micro has informed Best Buy of the problem.
Provided by Digitaltrends
