SubTorrents Leveraged Fiesta Exploit Kit in Website Attack

Infosecurity-magazine.com reported on 4th May, 2015 stating that SubTorrents, a file- sharing site, which is very popular in Latin America and Spain, is silently infecting users with a Trojan with the help of Fiesta Exploit Kit.

Anyone visiting the website, he/she will be silently redirected to the malicious payload.

In some countries, besides the illegal downloading of music and movies from Torrent sites, many sites which index torrents are filled with aggressive ads tricking the user into running programs and other junk which they don't need including malware.

Keeping in mind the large amount of ads on the site of SubTorrents, it would have been fair to suspect a malvertising issue but it turns out that the site itself has been compromised and serves a well-hidden iframe.

Scmagazine.com published news on 5th May, 2015 quoting Jerome Segura, Senior Security Researcher of Malwarebytes, as saying "The attacker may leverage a vulnerability in the site itself or credentials (were) stolen from one of the administrators."

He believes that the website is still compromised although Malwarebytes has informed the site administrators but they have heard back nothing.

Segura observed that when visitors activate the malicious code, they are ultimately redirected to Fiesta Exploit Kit with a new format. He added that most of the exploit kits can be recognized by their URL's designs which are strings used as parameters to enable exploitation process properly and Fiesta Exploit Kit has very unique URLs which stand out when compared to other exploit kits.

Segura said that Fiesta Exploit Kit will use vulnerabilities in Silverlight, Internet Explorer, Java and Flash to serve visitors Kovter ransomware and that the malware becomes aware of virtual machines and will only install on genuine computers.

It is dangerous business to download illegal Torrents. Users have to navigate via many misleading ads and pop ups in addition to fake files which waste your time and bandwidth.

They may finish with a saving of few bucks off which latest movie but could also risk a lot more such as getting infected with a horrible malware. Malwarebytes concluded that ransomware becomes quite prevalent these days due to which all files of users including movies and songs could be encrypted and held for ransom.

» SPAMfighter News - 5/13/2015