Wednesday, 17 February 2016

Latest Malvertising Campaigns Hit Skype



Recent malvertising campaigns have shown that non-browser-based applications are also vulnerable and can be hit and targeted by these attacks.

Recently, during a malvertising campaign, F-Secure noticed an unusual spike in activity on the AppNexus ad platform. AppNexus serves advertising for Skype. According to the Finnish company, the Angler exploit kit and TeslaCrypt ransomware were pushed by a recent malvertising campaign that hit several top publishers. Some infections were caused through Skype.

The firm noted in its overview that "Whenever the ad is displayed in a platform that is external to the browser, that doesn't mean that we can't access it, so users also would not be affected. This attack did not target only the Skype users, because there were already visits from so many other typical browsers."

The popular websites involved in the redirects included internet portals (msn.com), news sites (dailymail.co.uk) and many gaming websites (wowhead.com, gsn.com, zam.com, wikia.com).



"Firstly it redirected to the Angler exploit kit, and after that installed TeslaCrypt (ransomware)" once the campaign ended up. When TeslaCrypt was first designed, it targeted only computers that had specific computer games installed, but that is no longer the case and it has widened its purview.
Now TeslaCrypt can do many other new things like:

  1. It can encrypt all files.
  2. It locks out the victims.
If the victim wants to unlock the files, he or she has to pay a ransom to the attacker to get the decryption key, and the amount can vary from $150 to $1,000 worth of bitcoin.

According to the security researchers, "this malware was hidden in online ads that threatened the visitors of TMZ (celebrity gossip portal) last week, and it was the only portal that was affected so much, and it also affected other popular sites like film review site Rotten Tomatoes, Jerusalem Post etc."

Jerome Segura (a Malwarebytes senior researcher) said that "In order to hide the location of the back-end server and to encrypt ad delivery, the content delivery platform CloudFlare has been used by the cyber-criminals."

