Popsci Website Installing Malicious Software on Visitors’ PCs, Says Websense

Websense the security company has found that Popular Science a top science reference website popularly called Popsci is under hackers' control so diverting visitors onto a different domain serving malicious software, published techworm.net dated October 30, 2014.

Security researchers at Websense explain that one malevolent iFrame has been inserted into the website due to which the diversions are occurring and onto a well-known exploit kit namely RIG. The RIG installs different exploits aimed at compromising users that incase successful would introduce a malevolent .exe file onto the victims' computers. Threatpost.com published this, October 30, 2014.

Moreover, different from usual malware programs, which leverage certain traffic distribution mechanism for making end-users go via several diversions prior to reaching the web-page serving the attack toolkit, the Popsci site takes end-users straight onto the infection, explain the researchers. As per Websense, this operating mechanism by RIG is typical of it. Within this instance, RIG abuses one 2013 ActiveX flaw of Microsoft so it can check the name of anti-virus software, if any, enabled on the infected computer.

The technique is common with several attack toolkits such as most notably found with the Angler or Nuclear toolkits, states Websense. In cases where the checked anti-viruses are not found on the infected devices, the attack toolkit moves on towards assessing the plug-ins loaded along with what versions they are in, especially the Java, Silverlight or Flash plug-ins. Subsequently, on finding an attack-prone plug-in, it serves a suitable exploit.

Meanwhile, the number of contaminations during the Popsci attack counted plenty given the website's tremendous popularity among fans and students. Websense estimates that 43% of the total contaminations occurred in the Netherlands, UK and USA; however, contaminations were found elsewhere too.

The security company claims that to remain safe from the kind of assault discussed, one requires maintaining an up-to-date browser while using the latest browser plug-in editions.

Creating attack codes for exploitation needs time, while apart from in the case of 0-day vulnerabilities, security patches are issued long before there is exploitation of the weaknesses. Consequently, users have enough time for deploying the patch, Websense concludes.

» SPAMfighter News - 11/8/2014