Spin.com Contracts Malware Passes Infection to Visitors

Researchers at Symantec the security company, on 27th October 2014, noticed that visitors to Spin.com a widely known website for news, music as well as review items contracted malware thus getting their systems infected.

The compromise largely affected users of USA, said Associate Threat Analyst Ankit Singh of Symantec. SCMagazine.com published this dated November 4, 2014.

It was not clearly known to Symantec as to in what way Spin.com got compromised, however, Singh elaborated that the hackers inserted one iFrame into it that subsequently diverted the visitors onto an extremely confusing landing page of the RIG attack toolkit.

According to Singh, RIG from its landing page searched to find driver files on the user's PC, these files apparently pertaining to specific security software programs; for bypassing detection, followed with searching if specific plug-ins were installed that it would then exploit.

The RIG attack toolkit's discovery happened during early part of 2014 when it was recognized as a successor of one more previously well-known attack toolkit the 'Redkit.'

RIG piggybacks on security flaws inside Java, Internet Explorer, Silverlight and Adobe Flash as also belonged to that collection of exploit kits that were linked to the hijack of the well-known site exclusively for men, askmen.com, during June 2014.

The majority of flaws date back to 2013, implying that truly incautious end-users got impacted with the malicious scheme.

With successful exploitation of any of the security flaws, certain payload encrypted with XOR gets installed on the end-user's PC. Thereafter, RIG is likely to install several more harmful payloads; these being info-stealers like Trojan.Zbot (ZeuS) and Infostealer.Dyranges, and downloaders.

At present, the iFrame has been removed from the Spin.com site eliminating the danger associated with visiting it.

It is observed that computers infected with RIG attack toolkit are used for hijacking Drupal websites by exploiting one just uncovered SQL injection flaw. In these instances also, the identical manner of leveraging anti-malware software prior to installing the payload occurs.

In conclusion, users are advised to keep their software routinely updated for averting exploitation of known security flaws similar as those cited within the aforementioned instance.

» SPAMfighter News - 11/17/2014