
Targeted Assaults Strike Visitors of ammyy.com Site


ESET recently exposed many instances of malware being distributed through a well-planned website hijack. The most recent targets are people visiting ammyy.com, a site known for its remote desktop software, which is freely available and requires no configuration.

According to ESET, people visiting the website were offered a package that contained not just Ammyy's legitimate remote desktop software, Ammyy Admin, but malicious software as well.

In late October, security researchers observed that for approximately 7 days, people visiting ammyy.com pulled down a downloader that contained the Ammyy software as well as malware. Paradoxically, although Ammyy Admin is a legitimate program, online scammers have been using it for quite some time, and many security products detect it as a PUA (Potentially Unsafe Application).

Likewise, the prominent download site 'download.com' does not give a direct download link for the Ammyy software; rather, it merely presents information along with the web page from which Ammyy Admin can be downloaded.

Jean-Ian Boutin, malware researcher at ESET, remarks that because cyber-attackers now employ well-planned website hijacks, this again shows a narrowing of the gap previously observed between the techniques that cyber-attackers employ and those used by the actors responsible for 'Advanced Persistent Threats'. Although the two groups aren't associated with each other, the installers that might have been pulled down from ammyy.com were identical every time. While the executable downloads Ammyy's actual product, it also pulls down a file named either AmmyySvc.exe or AmmyyService.exe that contains the malicious payload, Boutin adds. News.thewindowsclub.com reported this on November 12, 2015.

Moreover, from October 26 to November 2, 2015, many kinds of malicious programs (Ranbyus, Buhtrap, Corebot, RAT and Netwire) were being distributed to unsuspecting website visitors numbering in the thousands.

Among the malicious programs spread through ammyy.com, the most interesting is the download bundle used in Operation Buhtrap.

ESET states that Operation Buhtrap is still active and that Buhtrap's creators regularly release new updates. The gang, much in the manner of the Carbanak malware group, is employing tactics that ESET has been observing in targeted assaults. Because they now execute well-planned website hijacks, the gap separating the methods of cyber-crooks from those of APT perpetrators is narrowing.

» SPAMfighter News - 11/19/2015
