The forum of hardware manufacturer Asus has been serving malware to Internet Explorer users. The ASUS Republic of Gamers Forum (http://rog.asus.com) appears to have been hacked. Asus uses the popular forum software Vbulletin in which the cybercriminals found a vulnerability that was exploited.
Forum users that visited the site with Internet Explorer were specifically targeted. Once Internet Explorer was detected, code was injected to the page which in its turn loaded a page that tried to exploit known Silverlight and Flash plugin vulnerabilities. Users with fully patched versions of Internet Explorer were unaffected and the malware also didn't infect systems running Firefox, Chrome, Opera or Safari.
Users with a vulnerable Internet Explorer version were infected with the Fiesta Exploit Kit resulting in a compromised PC which cyber criminals could use to e.g. steal information or use the system to send spam.
The security researchers that discovered the hack urge everyone to frequently update your browser and its plugins.
