Globo.com , one of the top 10 portal of Brazil , has been hijacked by cyber criminals and users are being redirected to a website that displays spam ads, reports Sucuri.
The Users who visit the main domain and sub-domains(etc.globo.com, g1.globo.com,..) are being redirected to the pagesinxt.com - The domain appears to be registered in 2011 displays ads about internet, hosting, antivirus.
The sucuri says "redirection has been going for a few hoursat least and we detected it for the first time around 8am EST and it is still live four hours later (noon EST)". Yes, The website still redirects users to the ads-displaying page.
Researchers identified an external script "hxxx://sawpf.com/1.0.js" which is being loaded in the site causes the redirection.
It appears the cybercriminals have hijacked the sawpf.com and modified the scripts such that it redirects to the target website.