If your Hotpoint cooker or washer’s on the blink, don’t arrange a repair by visiting company’s site: Netcraft says the appliance vendor’s foisting nastyware onto visitors.
That payload won’t do nice things to your endpoint and may expose you to attacks like drive-by malware or phishing.
Netcraft says the source of the problem is almost certainly Hotpoint’s WordPress installation, and notes that the content management system “is notorious for being compromised if both it and its plugins are not kept up to date.”
The site in question – hotpointservice.co.uk – is a fine target for crims because it’s suggested as the place to register new products. Netcraft worries that the attack’s done rather well because it landed in time before the Easter long weekend, meaning four sysadmin-free days of operation before IT staff came back to work and had the chance to fight back.
Hotpoint’s web site and social feeds are silent on the matter. The Register has asked Hotpoint if the attack was detected and defended and whether any customers or their data were compromised. When we hear back from the company we’ll update this story.