Attack Intelligence Research Center Monthly Threat Report MalWeb Continues to Make Waves on Legitimate Sites



Aladdin.com/eSafe

Following up on some recent attacks, the AIRC team wanted to see how the Web looks these days in terms of lessons learned, and the impact that MalWeb has on the average user. In a completely subjective piece of research, we hit our browsers in an attempt to emulate a benign business user and see how we would fare in finding MalWeb-infested sites. To our surprise, the past year's advances in Web security haven't really been effective, and we started coming across sites such as a radio station homepage, a large franchise management site and even a couple of government sites, all of which were infested with malicious code just waiting to attack hapless users.


The reason for the eclectic array of (obviously) legitimate sites is that our search terms were in the spirit of current news, career opportunities, elections, and personal finance. Digging into the attacks, we realized that there isn't anything new: the same old SQL injection into a vulnerable site, or cross-site scripting that infested a site's cache with problematic content that would come up in a search and expose the visitor to MalWeb. The usual suspect this time was a script that was included in all the sites mentioned above (and in about 6,000 additional ones that we did not analyze thoroughly).

The funny thing about this script is that it states its intentions to begin with: if you do not already have AntivirXP08 installed on your PC, well, you will now! For more references on rogue AV software used for social engineering of victims into installing Trojans on their PCs, see [sunbelt references]. Taking the next step to infection is as easy as not doing anything. Remember, this is MalWeb: no interaction is needed. All you need to do is just VIEW the legitimate site, and the MalWeb takes care of the rest. Finally we get to the somewhat more familiar obfuscated JavaScript that, when run, is actually doing this:

1. Exploiting a QuickTime vulnerability
2. Exploiting a Microsoft WMV vulnerability

And of course the traditional Trojan download and silent install in the background. Now for the really sarcastic part: one of the domains used in the attack had only been registered the day before (September 16th), and when looking at the contents of its homepage, another financially related story comes up on the front page:

Looks really legitimate, and a quick search uncovers the culprit:
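As an added example (not from the original report or from Aladdin), the following Python scanner applies to a fetched page the two indicators the report describes: an off-site script include pointing at a domain registered only a day or so earlier, and an obfuscated inline script of the eval/unescape kind. The sample page, hostnames, registration date and the lookup table standing in for a WHOIS/RDAP query are all constructed assumptions.

```python
import re
from datetime import date
from html.parser import HTMLParser
from urllib.parse import urlparse
# Constructed sample page: a legitimate-looking site carrying an injected third-party
# script include plus an obfuscated inline script. Hostnames and dates are made up.
SAMPLE_HTML = """<html><head><title>City Radio - News</title>
<script src="/static/player.js"></script>
<script src="http://newly-registered.example/stat.js"></script>
</head><body><h1>Election coverage</h1>
<script>eval(unescape('%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%22x%22%29'))</script>
</body></html>"""
SITE_HOST = "cityradio.example"
REGISTRATION = {"newly-registered.example": date(2008, 9, 16)}  # stand-in for WHOIS/RDAP
SCAN_DATE = date(2008, 9, 17)
# Cheap obfuscation indicators: decoder calls, or long runs of percent-encoded bytes.
OBFUSCATION = re.compile(r"\b(eval|unescape|fromCharCode)\b|(%[0-9a-fA-F]{2}){8,}")
class ScriptCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.external, self.inline, self._buf = [], [], None
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.external.append(src)
            else:
                self._buf = ""  # start capturing an inline script body
    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            self.inline.append(self._buf)
            self._buf = None
    def handle_data(self, data):
        if self._buf is not None:
            self._buf += data
def scan(html, site_host, registration, today, max_age_days=7):
    """Return (kind, detail, domain_age_days) findings for one fetched page."""
    p = ScriptCollector(); p.feed(html)
    findings = []
    for src in p.external:
        host = urlparse(src).hostname
        if host and host != site_host:  # off-site include on the page
            age = (today - registration[host]).days if host in registration else None
            young = age is not None and age <= max_age_days
            findings.append(("young-domain-script" if young else "third-party-script", host, age))
    for body in p.inline:
        if OBFUSCATION.search(body):
            findings.append(("obfuscated-inline-script", body[:40], None))
    return findings
```

Run over a crawl of your own sites, the "young-domain-script" finding is the one worth paging on; "third-party-script" alone is common on legitimate pages and needs an allow-list.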

Looks familiar, but note that the legitimate site (as opposed to the malicious site hosting legitimate content) has a Security Center and Email Scam link in red font, which explains that the company in question has been experiencing brand name theft, and that several sites hosting its website content are luring unsuspecting victims for the purpose of phishing and other financial fraud. It appears as if we hit a fresh one: the attacks had seemingly faded out according to research on the Web (http://www.bobbear.co.uk/nescoaccounting.html), yet this domain not only hosts the legitimate content, most likely for phishing, but also participates in the MalWeb-to-malware business, which is an interesting trend in today's turbulent economic times.

The location of the participating domains is not a surprise. As usual, a capitalistic economy with commoditized products provides the best place to host any kind of Web content:

Looking forward

The experience from our latest Internet browsing ended up leaving somewhat of a bad taste. None of the sites we visited were flagged as they should have been by our fastidiously up-to-date browsers; we are using the latest versions of Google Chrome and Firefox. Google and Yahoo didn't object, either, when the results came up containing the MalWeb-serving sites. Trying to make predictions in such a stagnant state of security is pretty challenging; however, we do anticipate that although some more restrictions will be placed on MalWeb-serving sites, they will not be sufficient, and will be severely delayed. Truth be told, some of the search results we received did contain warnings indicating the possibility that malicious content might be on the site, but NONE of these sites contained the malicious scripts anymore, and even some of the sites that were not flagged were already serving clean content.

The AIRC team predicts that as long as criminals continue to generate returns on their activities as high as they do now, the methods of distribution will continue to evolve, and the context in which MalWeb is served will become more localized and more relevant to a specific period of time. You need only watch your news tickers to guess where attackers are aiming their crossbows.

About the Attack Intelligence Research Center

The Aladdin Attack Intelligence Research Center (AIRC) is a premier facility for Internet threat detection and cybercrime investigation. The mission of the AIRC is to deliver security research and intelligence that educates, supports and strengthens the security community, and drives innovation in Aladdin's content security solutions. Based in Tel Aviv, the AIRC is made up of global security researchers and law enforcement and cybercrime specialists dedicated to finding and eradicating Internet threats that compromise legitimate business safety. AIRC goes beyond traditional threat detection to provide business intelligence around evolving threats, predict future trends in Internet security, and uncover the inner workings and effects of the business of ecrime. For more information, visit www.aladdin.com/airc.

About Aladdin

Aladdin Knowledge Systems (NASDAQ: ALDN) is an information security leader with offices in 12 countries, a worldwide network of channel partners, and numerous awards for innovation. Aladdin eToken is the world's #1 USB-based authentication solution, offering identity and access management tools that protect sensitive data. Aladdin HASP SRM boosts growth for software developers and publishers through strong anti-piracy protection, IP protection, and secure licensing and product activation. Aladdin eSafe delivers real-time intelligent Web gateway security that helps protect data and networks, improve productivity, and enable compliance. Visit www.aladdin.com.

For more contact information, visit: www.aladdin.com/contact
North America: +1-800-562-2543, +1-847-818-3800
UK: +44-1753-622-266
Germany: +49-89-89-4221-0
France: +33-1-41-37-70-30
Benelux: +31-30-688-0800
Spain: +34-91-375-99-00
Italy: +39-022-4126712
Portugal: +351-21-412-36-60
Israel: +972-3-978-1111
China: +86-21-63847800
India: +91-22-67255943
Japan: +81-426-607-191
Mexico: +52-1-55-4159-9733
All other inquiries: +972-3-978-1111

© 2008 Aladdin Knowledge Systems, Ltd. All rights reserved. Aladdin is a registered trademark of Aladdin Knowledge Systems, Ltd. All other names are trademarks or registered trademarks of their respective owners.