by Jovi Umawing (Technical Communications)
Earlier today, Trend Micro Technical Account Manager Fioravante Souza in Brazil spotted a (potentially harmful) URL that redirects users from the Best Buy domain site.
Users who visit www.bestbuy.com, as it turns out, are redirected to the URL, hxxp://pics. bubbled.cn/gallery/
hardcore/?23c4f60c1b9f604d6ffb21cba599301f (hxxp = http, and without the spaces). The compromised page in the domain is found to be the landing page where visitors can choose the language to be used as they browse within the site. Threat Research Manager, Ivan Macalintal, further identifies that a GEO-IP check happens prior to displaying the said landing page.
?If (the) requesting IP is from the Latin America Region (LAR), users are redirected to the ?Choose English or Spanish? page?and then bingo!? Macalintal says.