The security analyst Randy Abrams reported that the Equifax website had been redirecting users to pages set up to serve adware and scams.
Equifax is a service designed for obtaining free and discounted credit reports. While trying to find his credit report on the website, Abrams was redirected to a page offering a fake Flash Player installer. The browsing session was taken through multiple domains before reaching the final page.
However, the Equifax webpage, which is hosted at aa.econsumer.equifax.com, did not redirect the connection yesterday. For that reason, Abrams believes that Equifax removed the malicious code from its website sometime on Wednesday.
Analysis of the domains involved in the redirection chain shows that they can lead to more than adware. The final destination depends on the type of device and the geographical location of the user.
Various online security services flag the domains involved in the attack as malicious, and although there is no evidence of actual malware being served, the possibility cannot be ruled out.
After a user visits the compromised website several times from the same device, the user is redirected to a page belonging to a legitimate business that is probably trying to promote its site via ad networks or SEO services.
In response to the critical issue, the spokesperson of Equifax said:
“We are aware of the situation identified on the equifax.com website in the credit report assistance link. Our IT and Security teams are looking into this matter, and out of an abundance of caution have temporarily taken this page offline. When it becomes available or we have more information to share, we will.”
The Equifax team has recently informed its customers that hackers breached its systems after exploiting an Apache Struts 2 vulnerability which had been patched and exploited in the wild since March this year. The criminals gained access to the personal information of more than 140 million individuals, including hundreds of thousands of British and Canadian citizens.
Many of Equifax’s cybersecurity failings came to light following the breach, including website vulnerabilities and the fact that the company directed customers to the wrong website.
After an investigation, Equifax found that the problem was caused by a third-party vendor’s code.
“Despite early media reports, Equifax can confirm that its systems were not compromised and that the reported issue did not affect our consumer online dispute portal.
The issue involves a third-party vendor that Equifax uses to collect website performance data, and that vendor’s code running on an Equifax website was serving malicious content. Since we learned of the issue, the vendor’s code was removed from the webpage and we have taken the webpage offline to conduct further analysis.” Equifax stated.