Defacing websites has been the main stay for hacktivist groups to spread their message. During recent research, we found multiple compromised websites containing a malicious link to a “lulz.htm” page, which in turn leads the user to a Dokta Chef Exploit Kit (EK) hosting site. This appears to be a new tactic whereby a hacktivist group has escalated their activities by attacking users who visit defaced sites. This is out of character for such groups that generally seem more interested in disrupting private sector compliance with government entities, than targeting end users.

http://research.zscaler.com/