On September 27, 2016 Forcepoint Security Labs noticed that the Russian boxing site allboxing[.]ru was compromised. The site is injected with code that attempts to silently redirect users to a third party website containing an exploit and a Russian banking trojan. The injected code employs several evasion tactics, and ensures that the redirect only occurs when there is significant user interaction on the website.Hiding in Plain Sight
The site allboxing[.]ru is a very popular Russian boxing website receiving an estimated 3 million visitors per month.
One of the scripts being used by the website at hxxp://... Read more