
Malvertising Attacks Lead to Magnitude Exploit Kit and Ransomware, Says Zscaler

According to security company Zscaler, cybercriminals are inserting malicious redirection code into online ads so they can channel user traffic to websites hosting the Magnitude exploit kit, which in turn loads various file-encrypting ransomware programs onto those users' computers.

Magnitude relies primarily on drive-by-download attacks, infecting victims through browser plug-ins that have security flaws. The malicious ads are part of a campaign of the kind commonly called malvertising, and in the current instance they redirect end-users via "302 cushioning" to websites delivering Magnitude.

"302 cushioning" attacks, also called cushion attacks, try to evade intrusion detection and prevention solutions by returning an HTTP 302 redirect notice. When the victim reaches the fake 302 page, the Web browser automatically redirects them to a malicious page that hosts Magnitude.
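The redirect chain described above is visible in web proxy logs, so a defender can rebuild it and review chains that hop across several unrelated hosts. The following is an added example, not code from Zscaler or from the original article; the log format, the host names and the three-host threshold are assumptions made for illustration.

```python
from urllib.parse import urljoin, urlsplit

# Constructed proxy log (assumed format): client  requested-URL  status  Location-or-"-"
SAMPLE_LOG = """\
10.0.0.5 http://news.example/story 200 -
10.0.0.5 http://ads.example/banner?id=7 302 http://hop1.example/r
10.0.0.5 http://hop1.example/r 302 //landing.example/gate
10.0.0.5 http://landing.example/gate 200 -
10.0.0.9 http://shop.example/login 302 /account
10.0.0.9 http://shop.example/account 200 -
"""

def parse(log):
    """Yield (client, url, status, absolute Location or None) per log line."""
    for line in log.splitlines():
        if not line.strip():
            continue
        client, url, status, location = line.split()
        # Location may be relative or scheme-relative; resolve it against the request URL.
        target = None if location == "-" else urljoin(url, location)
        yield client, url, int(status), target

def redirect_chains(log):
    """Rebuild each client's chains of consecutive 302 hops as lists of URLs."""
    chains, pending = [], {}  # pending: client -> chain whose last URL is the awaited target
    for client, url, status, target in parse(log):
        chain = pending.pop(client, None)
        if chain is None or chain[-1] != url:
            chain = [url]     # not the target of the previous 302: start a new chain
        if status == 302 and target:
            chain.append(target)
            pending[client] = chain
        elif len(chain) > 1:
            chains.append(chain)  # chain ended on a non-redirect response
    return chains

def cross_host_chains(log, min_hosts=3):
    """Return the ordered host list of every chain touching >= min_hosts distinct hosts."""
    flagged = []
    for chain in redirect_chains(log):
        hosts = list(dict.fromkeys(urlsplit(u).hostname for u in chain))
        if len(hosts) >= min_hosts:   # min_hosts is an assumed review threshold
            flagged.append(hosts)
    return flagged

if __name__ == "__main__":
    for hosts in cross_host_chains(SAMPLE_LOG):
        print(" -> ".join(hosts))
```

The same-site login redirect in the sample is not flagged, because its chain stays on one host.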

When the user interacts with the compromised website, Magnitude exploits MS13-009, an integer overflow vulnerability that Microsoft patched in February 2013, and delivers two payloads: one heavily obfuscated JavaScript and one malicious Flash file.

Zscaler says, however, that the attackers have deferred installing the malware payload itself, replacing it with a shellcode payload. This shellcode uses the DLL file urlmon.dll to fetch several predefined URLs, including one that serves CryptoWall 3.0.

CryptoWall 3.0, a ransomware program, is extremely profitable because its operators demand Bitcoin payments through the anonymous Tor network.

According to a Zscaler spokesperson, criminals use this payment collection technique because it leaves little trace of the perpetrator. The extortion technique hits victims especially hard because most people do not appear to keep backups of their important picture and document files, he remarks. Scmagazineuk.com reported this on May 21, 2015.

Exploit kits are evolving to evade typical detection systems; attackers are using different infection techniques, such as iFrame insertion and malicious ad posting on hijacked websites; and ransomware is proving extremely lucrative (as much as $33,000 is earned daily in every attack). As a result, the sophistication of these attacks keeps increasing, and security professionals need to stay regularly informed about this maturing criminal marketplace, Zscaler concludes.

» SPAMfighter News - 6/2/2015
