Cyber-crooks Disseminating Malware by Exploiting Google Code Site
Zscaler the security company recently cautioned Web-surfers about hackers who are exploiting Google's Code creator online site for disseminating malware.
Security Researcher at Zscaler Chris Mannon, declaring the ploy's uncovering said that Internet criminals, to give one new twist to normal assault ruses, were utilizing Google's Code site, thus reported theinquirer.net dated August 1, 2013.
According to Mannon, malware authors were currently choosing file-hosting websites that charged fees, for purveying their wares. If such lawful sites that hosted files overlooked their contents' scanning the result might be forceful stoppage of the service by network administrator, he continued.
The problem as of present was that it was Google Code's turn this time for apparently getting abused after several such major professional-related websites became the target of cyber-criminals over the last few months, Mannon, among others, analyzed.
Consequently, Zscaler urged organizations for strengthening own security systems for tackling the recent danger.
Mannon further said that the recent event proved that there wasn't any file-host which was, from now, immune to attack. Trusting particular URLs blindly shouldn't happen from any establishment alternatively from one's own perspective. Therefore, it was necessary for activating those security rights for aborting as also maintaining vigilance over dubious files that, still more seemingly trusted sources, sent, the researcher added. Zscaler.com published this dated July 31, 2013.
The several other major online sites which cyber-thieves lately targeted are the community forum of National Association of Securities Dealers Automated Quotations (NASDAQ) and Apple's Developer website. Both the assaults aimed at filching end-users' passwords instead of modifying the sites for becoming malware-dissemination mediums, security researchers remark.
They state that the Google Code assault represents an increasing trend among people hacking into entities. Simon Mullis, Regional Technical Lead of FireEye stated that he was anticipating further similar assaults soon, reported V3.co.uk dated August 1, 2013.
He stated that the kind of assaults were continuously observable. During several instances, segments of multi-stage assaults were observed through particular malicious schemes run on various third-party entities. A website that harbored user-editable material could get utilized for harboring the malware-assault sustenance cycle at least partially, Mullis indicated.
» SPAMfighter News - 07-08-2013