Every day we see different website infections. When we receive unusual or interesting cases, our researcher instincts are triggered to investigate the unusual website behavior in order to understand how new infections work. In this case, the odd behavior was the website’s pop-up window claiming there was a missing font.
The Unwanted Popup Window
A website owner reached out to us to investigate the error displaying on their site. The popup window informed the visitors that they were unable to view the content of the site because their computers were missing a font called “HoeflerText”:
The malware tries to trick visitors into clicking the “Update” button to download a malicious file called: Font_Update.exe
Earlier this year, we wrote about a wave of WordPress infections involving malicious plugins that inject obfuscated scripts, creating unwanted pop-up/pop-unders which serve unwanted ads.