Team-BHP > Shifting gears
Old 27th October 2021, 08:56   #1
BHPian
 
Brumby's Avatar
 
Join Date: Jun 2017
Location: City of Lakes
Posts: 219
Thanked: 782 Times
Isuzu India's website hacked?

While searching for an off-road vehicle (specifically a jeep body) I checked the Thar and the Gurkha and then I thought about checking the Isuzu V-cross as well.

I was surprised to see that the Isuzu India website does not allow me to browse without updating the "Chrome browser" or the "Firefox".

I tried Safari, Brave, Chrome and Firefox with the same results.

I am clueless about what Isuzu India wants the visitors to their website to do.

Some screen shots:
Attached Thumbnails
Isuzu India's website hacked?-screen-shot-20211027-8.30.04-am.png  

Isuzu India's website hacked?-screen-shot-20211027-8.29.24-am.png  

Isuzu India's website hacked?-screen-shot-20211027-8.28.52-am.png  

Isuzu India's website hacked?-screen-shot-20211027-8.28.26-am.png  

Brumby is offline   (18) Thanks
Old 27th October 2021, 19:59   #2
Team-BHP Support
 
moralfibre's Avatar
 
Join Date: Dec 2004
Location: MH-12
Posts: 8,476
Thanked: 14,081 Times
re: Isuzu India's website hacked?

Brumby, perhaps your PC needs an AV scan to find malware on it. The website will work fine for everyone else. This is a local issue and doesn't require Isuzu to do anything.
moralfibre is offline   (7) Thanks
Old 28th October 2021, 07:58   #3
BHPian
 
Brumby's Avatar
 
Join Date: Jun 2017
Location: City of Lakes
Posts: 219
Thanked: 782 Times
re: Isuzu India's website hacked?

Quote:
Originally Posted by moralfibre View Post
Brumby, perhaps your PC needs an AV scan to find malware on it. The website will work fine for everyone else. This is a local issue and doesn't require Isuzu to do anything.
I am using a MacBook Air with a paid total security AV from Norton with scan set to automatic.

The problem is that irrespective of the kind of browser used, it's asking to update Chrome; even on my Android phone the issue was there. For the Firefox browser the website asked to update Firefox.

On my Android phone I have checked the following browsers with a similar issue:
Brave
Edge
DuckDuckGo
Firefox

The issue did not show up when I used Tor browser on my Android phone.

Hope I am not having some serious issue on my laptop or some digital threat with my ISP.

To verify, I just now checked the website on Windows 10 with McAfee paid AV using the Firefox browser and the website asked me to update Firefox.

I just want to understand that when I am not using Chrome while browsing the website, why should I update Chrome.
Attached Thumbnails
Isuzu India's website hacked?-screen-shot-20211028-7.48.06-am.png  


Last edited by Brumby : 28th October 2021 at 08:11.
Brumby is offline   (11) Thanks
Old 28th October 2021, 08:36   #4
GTO
Team-BHP Support
 
GTO's Avatar
 
Join Date: Feb 2004
Location: Bombay
Posts: 71,191
Thanked: 306,469 Times
Re: Isuzu India's website hacked?

I see the same on my computer & so does Chetan_Rao. It does appear that their website is compromised.

Please don't click on that button.
GTO is offline   (18) Thanks
Old 28th October 2021, 10:37   #5
BHPian
 
Prowler's Avatar
 
Join Date: Jul 2008
Location: Madras
Posts: 783
Thanked: 1,373 Times
Re: Isuzu India's website hacked?

Quote:
Originally Posted by Brumby View Post

I just want to understand that when I am not using Chrome while browsing the website, why should I update chrome.
The site is based on WordPress CMS. WordPress sites, unless diligently updated and 'fixed' regularly, have vulnerability issues.
The site as of now pulls up a popup page asking you to click on a link which may install a Trojan to susceptible browsers.
I tried to run the script in a sandboxed browser and it didn't take the bait. Just wanted to see what its payload is.

Unless you click on the Update link, you don't need to worry about any issue.

It is about time Isuzu fixed this.
Prowler is offline   (6) Thanks
Old 28th October 2021, 11:19   #6
Senior - BHPian
 
skanchan95's Avatar
 
Join Date: Jul 2010
Location: Mangalore KA-19
Posts: 1,285
Thanked: 5,584 Times
Re: Isuzu India's website hacked?

I am getting the same popup. If one moves the mouse over the green "Update Chrome" button, the link shown is "https://www.isuzu.in/universalpopup/update.php" (marked in red).
Isuzu India's website hacked?-1.jpg

This will probably install some malware on your PC, if clicked. If it indeed was a Google Chrome update, the link should have been a Google Chrome link, and not an Isuzu update link.
skanchan95 is offline   (5) Thanks
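The hover check described in the post above, automated as an added example (not code from the thread or from Isuzu): it flags any link whose text promises a Chrome or Firefox update while its target host is not the browser vendor's. The vendor domain allowlist, the sample markup and the names `audit` and `host_matches` are assumptions; only the `update.php` URL comes from the thread.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit
# Assumption (not from the thread): domains each vendor serves its browser from.
VENDOR_DOMAINS = {"chrome": ("google.com",), "firefox": ("mozilla.org",)}
LURE = re.compile(r"\bupdate\b.*?\b(chrome|firefox)\b", re.I)

# Constructed sample markup; only the first link target is quoted in the thread.
SAMPLE = """
<div class="popup"><a href="/universalpopup/update.php">Update Chrome</a></div>
<a href="https://www.google.com/chrome/">Update Chrome</a>
<a href="https://mozilla.org.example/dl">Update Firefox</a>
<a href="/about">About us</a>
"""

def host_matches(host, browser):
    """True if host is a vendor domain for this browser, or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d)
               for d in VENDOR_DOMAINS[browser.lower()])

class UpdateLinkAuditor(HTMLParser):
    """Flags links whose text promises a browser update but point off-vendor."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.findings = page_url, []
        self._href, self._text = None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        text = " ".join("".join(self._text).split())
        url = urljoin(self.page_url, self._href)  # resolve relative links
        lure = LURE.search(text)
        if lure and not host_matches(urlsplit(url).hostname, lure.group(1)):
            self.findings.append((text, url))
        self._href = None

def audit(html, page_url):
    auditor = UpdateLinkAuditor(page_url)
    auditor.feed(html)
    return auditor.findings
```

The suffix comparison in `host_matches` is what rejects the constructed lookalike host `mozilla.org.example`, which a plain substring check would accept.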
Old 28th October 2021, 11:51   #7
Senior - BHPian
 
sandeepmdas's Avatar
 
Join Date: Feb 2005
Location: Varkala
Posts: 1,550
Thanked: 2,599 Times
Re: Isuzu India's website hacked?

The website is indeed using WordPress, but the version it uses is the latest: 5.8.1

I clicked the popup (Linux guy here), and it tried to download an executable file, install.exe. Ubuntu then warned me that the download contains "either a virus or malware".
Attached Thumbnails
Isuzu India's website hacked?-screenshot-20211028-115322.png  


Last edited by sandeepmdas : 28th October 2021 at 12:06.
sandeepmdas is offline   (20) Thanks
Old 28th October 2021, 15:12   #8
BHPian
 
Brumby's Avatar
 
Join Date: Jun 2017
Location: City of Lakes
Posts: 219
Thanked: 782 Times
Re: Isuzu India's website hacked?

Whenever I experience such incidents, I wonder whether there are any people designated by the companies to look after such affairs and how much importance they give to their digital face.

The company's website is its digital interface for the customers, and Isuzu is by no means an organisation which should overlook such basic stuff.

The worst was an experience with Axis Bank. A mail sent to the email address of the ombudsman (given on their website) bounced.
Brumby is offline   (7) Thanks
Old 28th October 2021, 20:24   #9
BHPian
 
Join Date: May 2019
Location: Trivandrum
Posts: 77
Thanked: 467 Times
Re: Isuzu India's website hacked?

Quote:
Originally Posted by sandeepmdas View Post
I clicked the popup (Linux guy here), and it tried to download an executable file, install.exe. Ubuntu then warned me that the download contains "either a virus or malware".
Adding a tip for checking suspicious files.

If you have downloaded a file and want to be sure it's clean before running it, then scan it using virustotal.com. VirusTotal scans the uploaded file/link using 60+ antivirus scanners. VirusTotal has been owned by Google since 2012.

There are other similar websites too, more on them here.

Would be interesting to see what it has to say about install.exe!

As a rule, you shouldn't click on banners or pop-ups with links which say your computer is infected or your browser is outdated. Oh! And never enable macros on Office (Excel, Word) files downloaded off the internet unless you are very, very sure they are safe.

Edit: Site seems to be fine now.
Google has a facility for reporting websites with malicious software (click here) and also phishing sites (click here). In addition, you can also check the status of a suspicious page - click here.
BTW I don't work for Google, I wouldn't mind it though, hey Sergey! You hear me?

Last edited by vik99 : 28th October 2021 at 20:49. Reason: added links
vik99 is offline   (14) Thanks
Old 28th October 2021, 22:25   #10
Senior - BHPian
 
sandeepmdas's Avatar
 
Join Date: Feb 2005
Location: Varkala
Posts: 1,550
Thanked: 2,599 Times
Re: Isuzu India's website hacked?

Quote:
Originally Posted by vik99 View Post

Would be interesting to see what it has to say about install.exe!
In fact, I somehow controlled the itch to "test drive" the EXE; you won't get a juicy malware every day. But meeting a deadline is paramount, as you know.

I had to let it go.
sandeepmdas is offline   (3) Thanks
Old 31st October 2021, 08:31   #11
BHPian
 
Join Date: May 2019
Location: Trivandrum
Posts: 77
Thanked: 467 Times
Re: Isuzu India's website hacked?

Quote:
Originally Posted by Brumby View Post

I am clueless about what Isuzu India wants the visitors to their website to do.
Google seems to have blacklisted malicious URLs on the website...
Isuzu India's website hacked?-screenshot_20211031081523361_com.google.android.gm.jpg

Folks receiving email updates on this thread are being shown this message.
vik99 is offline   (3) Thanks
Old 1st November 2021, 12:39   #12
BHPian
 
ambarkhan's Avatar
 
Join Date: Apr 2021
Location: Pune
Posts: 102
Thanked: 729 Times
Re: Isuzu India's website hacked?

Isuzu India is using a CMS (Content Management System), WordPress (approx. 40% of websites on the internet are built on the same platform). It is a very easy platform to start with and very robust for many use cases in future.

Because of ease of use, many websites are deployed using it and often, not very competent people are behind such deployments. The end result is websites with default or poor security settings.

Also, many free tools/scripts are available on the internet to exploit such omissions.
I assume that is what happened on their website. I saw at least one issue just before typing this.
ambarkhan is offline  
Old 1st November 2021, 14:12   #13
BHPian
 
veyron_head's Avatar
 
Join Date: Aug 2009
Location: Bangalore
Posts: 592
Thanked: 716 Times
Re: Isuzu India's website hacked?

But which nutjob hacked Isuzu's website, of all?! What do they even plan to gain!
veyron_head is offline  
Old 2nd November 2021, 06:49   #14
BHPian
 
Join Date: May 2019
Location: Trivandrum
Posts: 77
Thanked: 467 Times
Re: Isuzu India's website hacked?

Quote:
Originally Posted by veyron_head View Post
But which nutjob hacked Isuzu's website, of all?! What do they even plan to gain!
This targets visitors to the website.

The attack on the website is a stage in a multi-stage attack. Once a visitor to the website runs the malicious executable, the attackers would gain control over the visitor's computer. This would give them access to the victim's personal data and the ability to launch further attacks.

Imagine the possibilities for the attackers if they were to compromise the system admin of a bank this way or just the computer of someone who frequently uses internet banking.

Once a visitor to the website runs the malicious executable (masquerading as a Google Chrome update), the only thing that can save him is if he or she has an AV installed which can detect this executable as malicious. Even that is not foolproof as the bad guys often test their wares to ensure AVs don't detect them.
vik99 is offline   (1) Thanks
Old 2nd November 2021, 09:44   #15
BHPian
 
veyron_head's Avatar
 
Join Date: Aug 2009
Location: Bangalore
Posts: 592
Thanked: 716 Times
Re: Isuzu India's website hacked?

Quote:
Originally Posted by vik99 View Post
This targets visitors to the website.

The attack on the website is a stage in a multi-stage attack. Once a visitor to the website runs the malicious executable, the attackers would gain control over the visitor's computer. This would give them access to the victim's personal data and the ability to launch further attacks.
I understand the rationale behind hacking. Was just wondering why they would do that to Isuzu's website which will hardly get visitors, compared to a Maruti or Hyundai.
veyron_head is offline   (1) Thanks