On Wednesday, security researcher Randy Abrams visited the Equifax site to contest bad information in his credit report and was attacked by malicious software that tried to get him to download a fake Flash updater that was a vector for an obscure piece of malware called Adware.Eorezo.
Other users confirm that they were subjected to redirections to scam sites and malware when visiting Equifax’s site. It’s not clear how these were injected into the Equifax pages (they could be malicious advertising that snuck in under the radar of a programmatic ad broker, or the Equifax servers could be compromised, or something else). This kind of malware is typically served intermittently and as of now, no one can reproduce the events on Equifax’s site, which could mean that Equifax purged the bad ads or malware, or it could just mean that the malware is lying low. Equifax has not made any public statements about this.
