Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


Malvertising Assaults Result in Attack Toolkit Magnitude and Ransomware, says Zscaler

According to Zscaler the security company, cyber-crooks are inserting harmful diversion code inside online ads so they can channel user traffic onto websites harboring Magnitude the attack toolkit that in turn loads various file-encrypting ransomware programs onto those users' computers.

Magnitude primarily requires drive-by-download assaults to work, wherein to contaminate victims, it makes use of 'browser plug-ins' that have security flaws. The harmful ads are utilized within a campaign that is popularly called malvertising, which divert end-users via "302 cushioning" onto websites delivering Magnitude, within the current instance.

The "302 cushioning," which also means cushion attacks, try eluding detection and intrusion prevention solutions via showing an alert about a 302 HTTP diversion. As a result, when the victim reaches the fake 302 web-page, he mechanically gets diverted via his Web-browser onto one sinister page, which hosts Magnitude.

And when that particular user communicates on the contaminated website, Magnitude exploits the integer overflow vulnerability namely MS13-009 that software giant Microsoft patched during February 2013, and installs two payloads - one extremely obfuscated JavaScript and one malevolent Flash.

But Zscaler says that the attackers have just deferred installing the malicious software payload replacing it with one shellcode payload. This shellcode utilizes the DLL file urimon.dll for getting several previously specified URLs, including one that serves CryptoWall 3.0.

The CryptoWall 3.0, a ransomware, is extremely profitable as the controllers seek Bitcoin payments through the anonymous Tor platform.

According to one Zscaler Spokesperson, miscreants use this payment collection technique since it leaves little trace of the criminal. The extortion technique especially compromises victims as most people do not appear as maintaining backup of their crucial picture and document files, he remarks. Scmagazineuk.com reported this in news on May 21, 2015.

With attack toolkits evolving for evading typical detection systems; attackers using different infection techniques, like iFrame insertion and malicious ad posting on hijacked websites; and ransomware proving extremely lucrative (a maximum of $33,000 is earned daily in every attack), the mentioned assaults' sophistication continuously increases so security professionals require being informed from time to time of such a maturing lawless trading place, Zscaler concludes.

» SPAMfighter News - 6/2/2015

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page