A security researcher from AV provider Malwarebytes said transunioncentroamerica.com, a TransUnion site serving people in Central America, is also sending visitors to the fraudulent updates and other types of malicious pages.
When clicked, the files infected visitors' computers with adware that was detected by only three of 65 antivirus providers.
On Thursday afternoon, Equifax officials said the mishap was the result of a third-party service Equifax was using to collect website-performance data and that the "vendor's code running on an Equifax website was serving malicious content."
Equifax initially shut down the affected portion of its site, but the company has since restored it after removing the malicious content.
Three hours after this post went live, a TransUnion spokesman sent an e-mail that said: "TransUnion is aware that our Central America website was temporarily redirecting users to download malicious software.
The common thread tying the affected Equifax and TransUnion pages is that both hosted fireclick.js, a JavaScript file that appears to invoke the service serving the malicious content.
At the same time, the incidents show that visitors to both sites remain much more vulnerable to malicious content than they should be.