TechCrunch Europe hacked, serving malware

TechCrunch Europe has been compromised and its code changed to redirect visitors to a server serving up malicious PDFs.

Once downloaded and run, the PDF files exploit a vulnerability and make the system download a version of the ever-so-popular ZeuS Trojan.

According to Trend Micro‘s Rik Ferguson, the server in question is located in Germany and is hosted by Netdirect – not a stranger to hosting malicious sites.

A few hours ago, TechCrunch tweeted that they “are aware of the (annoying) malware warning about the @TCEurope site”, and that they are trying to fix it.

The awkward phrasing makes me think they thought at the time that there was some kind of mistake and not a legitimate warning. The site hasn’t been taken down in the meantime, and there is no official update on the situation.

Ferguson warns that the ZeuS variant is currently detected by only 2 out of 43 anti-malware solutions used by VirusTotal, so it’s best to avoid the site altogether until they manage to clean its code.