Threat Actors Use New Tactics in Targeted Attacks - High-Tech Bridge

Securityweek.com reported on 14th March, 2015 that security firm High-Tech Bridge has discovered an interesting attack in which, researchers believe, miscreants used a novel way of distributing malware to a targeted person.

The security firm has nicknamed the technique "drive-by-login". It is analogous to drive-by downloads, in which malware is distributed to Internet users when they visit the attacker's website. In a drive-by-login attack, however, the miscreant plants malicious code on a website that the attacker expects the victim to visit.

High-Tech Bridge says that it came across the new technique when one of its customers contacted it about very strange behavior of his website. One of his clients had complained that the store's website tried to infect his PC with malware. However, daily malware and vulnerability scans had not revealed any threats for months, and the shop was running the latest osCommerce Online Merchant v2.3.4, released in June 2014. High-Tech Bridge says that it initially took this for a false-positive alert, but it was not.

The security firm highlights that it discovered a very interesting file called 'ozcommerz_pwner.php.bak' in the document root.

High-Tech Bridge analyzed the attack and found that the attackers identified the person's preferred online shop and then exploited a recent Flash zero-day vulnerability to compromise its storefront with their backdoor code. Having done so, they waited. The security firm said that the email address and IP of the target are written into the code to serve as a trigger for distributing the malware.

Drive-by-logins could viably replace phishing as a method of infection, but they seem more likely to be used in Advanced Persistent Threat (APT) campaigns. SCMagazine.com published news on 7th April, 2015 quoting Ilia Kolochenko, CEO of High-Tech Bridge, as saying, "Even if high-profile targets employ their own security teams, they remain at the mercy of a website's security."

Consequently, he recommended that website operators deploy automated vulnerability scans along with manual web application penetration testing. He advised that potential victims should remain alert and skeptical, even about trusted sites.
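A trigger keyed to one visitor's email address and IP means a scanner browsing the shop never receives the payload, whereas comparing the files on disk with a known-good snapshot does not depend on the trigger at all. The sketch below is an added example, not code from High-Tech Bridge or this article; the function names, the suffix list and the sample store files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

# Assumed list of suffixes that suggest a leftover or renamed server-side script.
SUSPECT_SUFFIXES = (".php.bak", ".php.old", ".php.orig", ".php~", ".php.txt")

def build_manifest(root):
    """Map every file under root (relative path) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                manifest[rel] = hashlib.sha256(fh.read()).hexdigest()
    return manifest

def audit_webroot(root, baseline):
    """Diff the live web root against a known-good baseline manifest."""
    current = build_manifest(root)
    added = sorted(p for p in current if p not in baseline)
    return {
        "added": added,
        "modified": sorted(p for p in current
                           if p in baseline and current[p] != baseline[p]),
        "removed": sorted(p for p in baseline if p not in current),
        "suspect_names": [p for p in added if p.lower().endswith(SUSPECT_SUFFIXES)],
    }

def demo():
    """Constructed sample: a tiny fake store, snapshotted and then altered."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "includes"))
        for rel in ("index.php", "login.php", "includes/header.php"):
            with open(os.path.join(root, rel), "w") as fh:
                fh.write("<?php // constructed placeholder for %s\n" % rel)
        baseline = build_manifest(root)   # taken right after a clean deploy
        # Simulated tampering (inert text only): one edited file, one stray file.
        with open(os.path.join(root, "login.php"), "a") as fh:
            fh.write("// constructed extra line standing in for injected code\n")
        with open(os.path.join(root, "ozcommerz_pwner.php.bak"), "w") as fh:
            fh.write("constructed placeholder, not the real file\n")
        return audit_webroot(root, baseline)

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

The baseline manifest belongs somewhere off the web server, so that whoever alters the store's files cannot also rewrite the snapshot.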

» SPAMfighter News - 4/20/2015
