Zerosecurity
  • Home
  • Security
    • Exploits
    • Mobile Security
  • Malware
  • Data Breaches
  • Crypto
  • Privacy
  • Downloads
    • Malwarebytes
    • Exploits
    • Paper Downloads
    • Software & Service Reviews
No Result
View All Result
SUBSCRIBE
Zerosecurity
  • Home
  • Security
    • Exploits
    • Mobile Security
  • Malware
  • Data Breaches
  • Crypto
  • Privacy
  • Downloads
    • Malwarebytes
    • Exploits
    • Paper Downloads
    • Software & Service Reviews
No Result
View All Result
Zerosecurity
No Result
View All Result
Home Malware

Unique bot attacks news sites

Paul Anderson by Paul Anderson
March 22, 2012
in Malware
0
malware attacking visitors to websites
74
SHARES
1.2k
VIEWS
Share on FacebookShare on Twitter

malware attacking visitors to websites

You might also like

Emotet now utilizing Onenote for its spam campaigns

Netwire RAT seized by FBI and other worldwide police agencies

The Emotet botnet returns and is sending a slew of malicious emails

A simple teaser of Internet news headlines was the launch-pad for a unique malware attack, with cybercriminals creating malicious code which operated without creating files on the infected system. Experts from Kaspersky Lab uncovered the hidden attack, which exploited a vulnerability in the teasers used by a number of popular Russian news sources – and warn that similar attacks could be used to target users outside of Russia.

The investigation by Kaspersky Lab shows that Russian media websites using the AdFox teaser system on their pages unwittingly infected visitors to their pages. While downloading the news teaser, the user’s browser was secretly redirected to a malicious website containing a Java-exploit. However, unlike standard drive by-attacks, the malicious program was not loaded to the hard drive, but appeared only in the operating memory of the computer, making it much more complicated to track it down using anti-virus solutions.

Acting as a bot, the malware was sending requests and information about the user’s browsing history to a control server. If that data included any sign of using e-banking services, the

cybercriminals installed the banking Trojan Lurk to steal confidential user information required to access the online banking systems of a number of major Russian banks.

The investigation has shown, however, that the AdFox network itself was not the source of the infection. News banners were modified by adding links to the malicious website code via the hacked account of an AdFox client. Modifying the code in the teaser system allowed cybercriminals to attack not only visitors to a single news site but also to other resources using the same system. As a result, tens of thousands of potential victims may have been attacked.

“We are dealing with a unique attack. A teaser network used by cybercriminals is one of the most effective ways to install a malicious code, as many popular resources contain links to it,”

says Aleksander Gostev, Kaspersky Lab’s Chief Security Expert. “Moreover, for the first time in recent years, we faced a rare type of malware – the so-called ‘bodiless’ malware which does not exist as a file on the drive but appears in the operating memory of the infected machine, making its detection much more complicated. This incident was targeting Russian users. The same exploit and bodiless bot may well be used against users in other countries as they can be distributed via similar foreign banner and teaser networks. At the same time it’s highly probable that not only Lurk Trojan, but also other malware, is used for these purposes”.

Despite such programs being able to operate only until the operating system is restarted, it is

quite likely that the user will return to the infected news site again. Kaspersky Lab’s experts warn that the only reliable protection is the timely installation of updates. In this case, to remove the CVE-2011-3544 Java vulnerability, we recommend installing the Oracle patch – which can be downloaded at http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html.

The detailed results of the investigation by Kaspersky Lab experts are available at www.securelist.com

SOURCE

Tags: attackbotkapserkymalwarenewtech news
Share30Tweet19
Paul Anderson

Paul Anderson

Editor and chief at ZeroSecurity. Expertise includes programming, malware analysis, and penetration testing. If you would like to write for ZeroSecurity, please click "Contact us" at the top of the page.

Recommended For You

Emotet now utilizing Onenote for its spam campaigns

by Kyle
March 26, 2023
0
Emotet now utilizing Onenote for its spam campaigns

The infamous Emotet malware has adopted a new tactic to spread its infection. Cybercriminals are now distributing the malware via email attachments in Microsoft OneNote format. The move...

Read more

Netwire RAT seized by FBI and other worldwide police agencies

by Christi Rogalski
March 16, 2023
0
Netwire RAT seized by FBI and other worldwide police agencies

The FBI, in partnership with several police agencies worldwide, has carried out an international law enforcement operation resulting in the arrest of a suspected administrator of the NetWire...

Read more

The Emotet botnet returns and is sending a slew of malicious emails

by Kyle
March 14, 2023
0
The Emotet botnet returns and is sending a slew of malicious emails

The notorious Emotet botnet, considered one of the biggest threats to internet security, has resurfaced after a prolonged hiatus, armed with new tactics. The botnet's trademark strategy of...

Read more

Update-resistant malware infects SonicWall security appliances

by Paul Anderson
March 12, 2023
0
Update-resistant malware infects SonicWall security appliances

Researchers have discovered that threat actors linked to the Chinese government are using malware to infect SonicWall's Secure Mobile Access 100, a popular security appliance, which remains active...

Read more

Fake ChatGPT websites are popping up and spreading malware

by Paul Anderson
March 1, 2023 - Updated on March 2, 2023
0
ChatGPT is found spreading malware created in Python

It was only a matter of time before hackers would start using the growing popularity of ChatGPT to spread malware and steal sensitive personal information. Recently, multiple security...

Read more
Next Post
code 2600 video

Code2600 video premiers at Defcon 2012

Related News

BreachForums Owner Arrested and Charged

BreachForums Owner Arrested and Charged

March 17, 2023
ChipMixer platform tied to crypto laundering scheme – seized by authorities

ChipMixer platform tied to crypto laundering scheme – seized by authorities

March 17, 2023
NSA intercepting U.S. Routers

NSA intercepting U.S. Routers

June 6, 2014 - Updated on March 17, 2023
Zerosecurity

We cover the latest in Information Security & Blockchain news, as well as threat trends targeting both sectors.

Categories

  • Crypto
  • Data Breaches
  • DotNet Framework
  • Downloads
  • Exploits
  • Exploits
  • Information
  • Legal
  • Malware
  • Malware Analysis
  • Mobile Security
  • Paper Downloads
  • Piracy
  • Privacy
  • Programming
  • Public
  • Security
  • Security
  • Software & Service Reviews
  • Technology
  • Tools
  • Tutorials
  • Video Tutorials
  • Whitepapers
  • Zero Security
  • Contact Us
  • List of our Writers

© 2022 ZeroSecurity, All Rights Reserved.

No Result
View All Result
  • Home
  • Security
  • Exploits
  • Data Breaches
  • Malware
  • Privacy
  • Mobile Security
  • Tools
  • Contact Us
  • Privacy Policy

© 2022 ZeroSecurity, All Rights Reserved.