Website of Aftonbladet, a Swedish Tabloid, Compromised by Malvertising
Softpedia.com reported on 6th February, 2014 that serving malware via compromised ad networks is a tactic used by a large number of cybercriminals. In the latest incident involving this attack vector, the website of a popular Swedish tabloid was targeted.
It is worth noting that Aftonbladet is one of the largest websites in Sweden. According to Alexa, it ranks sixth in the country.
Magnus Lindkvist, Security Evangelist at Microsoft Sweden, was the first person to observe the attack. He informed Kaspersky, which proceeded to analyze the malvertising campaign.
Apparently, the attack targets only Internet Explorer users, and nothing happens if the website is visited with another browser.
When visitors access the website through Internet Explorer, they are redirected to another website that displays a fake Microsoft Security Essentials Alert, warning them of Trojans and other threats on their computer. When visitors then click the "clean computer" button, a malicious file is downloaded.
According to Kaspersky, the threat is still being analyzed, but judging by the screenshots provided to them, it seems the cybercriminals are using social engineering kits to distribute fake antiviruses of the Tritax family.
HELP NET SECURITY published news on 6th February, 2014 quoting a comment from Bart Blaze, malware researcher at Panda Security: "this rogueware or fake AV of Tritax family has been in the news for long. Moreover, it has many different names, although the design, concept and social engineering attack remain the same every time."
The attack followed the same pattern and malicious payload as the recent incidents involving the popular video-sharing website Dailymotion.com.
Yonathan Klijnsma, Security Specialist at Fox-IT, has tracked similar attacks on several popular websites such as Businessinsider.com and has named the malware NameChanger FakeAV, as its variants showed similar graphics with changes in name.
The first sample of Tritax malware was identified in May 2009, and variants of it have been around ever since. Therefore, in order to minimize the impact of this malware on the infected computer, people should install an updated antivirus and antimalware product and use NoScript in Firefox or Notscript in Chrome.
» SPAMfighter News - 14-02-2014