Hardware & Technical General catch all thread for wider malware concerns.

Seeing individual stuff get to page 10 then die (get locked) makes it a bit hard to keep malware/virus news threads 'current', so I've decided to create one to post the growing number of reports we get these days. I think individual threads for very specific stuff (like the Spectre/Meltdown threats) are good, but for general warnings and more generic stuff I like not having to search back 10 pages (or more) for info.

So first up is a warning on the growing number of hacked websites out there:

'Thousands of hacked websites are infecting visitors with malware':

https://arstechnica.com/information...ing-thousands-of-hacked-sites-hid-for-months/

Thousands of hacked websites have become unwitting participants in an advanced scheme that uses fake update notifications to install banking malware and remote access trojans on visitors' computers, a computer researcher said Tuesday.

The campaign, which has been running for at least four months, is able to compromise websites running a variety of content management systems, including WordPress, Joomla, and SquareSpace. That's according to a blog post by Jérôme Segura, lead malware intelligence analyst at Malwarebytes. The hackers, he wrote, cause the sites to display authentic-appearing messages to a narrowly targeted number of visitors that, depending on the browsers they're using, instruct them to install updates for Firefox, Chrome, or Flash.

To escape detection, the attackers fingerprint potential targets to ensure, among other things, that the fake update notifications are served to a single IP address no more than once. Another testament to the attackers' resourcefulness: the update templates are hosted on hacked websites, while the carefully selected targets who fall for the scam download a malicious JavaScript file from DropBox. The JavaScript further checks potential marks for virtual machines and sandboxes before delivering its final payload. The resulting executable file is signed by an operating-system-trusted digital certificate that further gives the fake notifications the appearance of legitimacy.

Just one example of why JavaScript blocking is a good thing.
 
And ad blocking, there have been quite a few instances of ad platforms being used as malware delivery networks (BBC site being one of the more famous ones....)
 