Monday, February 16, 2015

"Fessleak" Could be Perfect Internet Storm

Fox News reported that there might be a perfect storm of Internet iniquity. It is a three-month-old malvertising campaign that is exploiting two recently discovered Adobe Flash Player flaws to infect people's computers with ransomware. The result could be a dire threat that may have affected websites such as the Huffington Post and Answers.com.

The malvertising campaign, dubbed "Fessleak" after an email address used to register malicious domain names associated with the campaign, began in mid-October and initially used a Windows flaw to infect PCs with what Fairfax, Virginia-based security company Invincea called "advanced ransomware."

But after Microsoft patched that flaw on 13 January 2015, "Fessleak" switched to running ads that exploited first one, then another, Adobe Flash Player zero-day flaw, so called because attackers discovered and used them first, giving Adobe zero days to patch its software. (Both flaws have since been patched.)

Invincea, which chronicled the malvertising campaign in a blog post on 4 February 2015, the same day Adobe patched the second flaw, said that "Fessleak" can even detect when its malware dropper attempts to run in a virtual container, an isolated environment that security researchers use to study malware.

If "Fessleak" detects a virtual container, its dropper will shut down, which may be why Invincea didn't name the specific kind of ransomware involved. Similar malvertising campaigns have infected users with the Reveton strain of "police" ransomware, which tells victims they face prosecution for harboring pirated files or pornography unless they pay "fines" immediately.

Malvertising is the practice of slipping malicious advertisements into legitimate ad networks that feed ads to widely viewed websites. These malicious ads then appear in the browsers of people who visit these sites, which can trigger malware infections.

Because it spreads via ad networks, "Fessleak" has affected many websites. Sites hit since the campaign switched to the Adobe flaws include Answers.com and Thesaurus.com.

Malvertising campaigns such as "Fessleak" can be difficult to curb.

"It is important to note that the sites from which the malvertising were delivered are by and large unaware that their sites were used for delivering malware, and largely unable to do anything about it," Invincea notes.

Although these two latest Flash zero-days have been fixed, they won't be the last of their kind. To protect yourself against future attacks, you may want to disable Flash in your browser, or at least set Flash to Click to Play. This way, you can activate only the ads or videos using Flash that you wish to see, and the others will remain disabled.
