Articles about Drive-By Download


Greybeards beware: Hair dye for blokes outfit Just For Men served trojan

Malware writers have penetrated the website of hair-dye-for-greying-blokes outfit Just For Men, foisting a password-stealing trojan at visitors, Malwarebytes researcher Jerome Segura says. Attackers are using the RIG exploit kit, which recently dethroned Neutrino as the most popular of the off-the-shelf crime kits that make …
Team Register, 21 Sep 2016

Exploit kit miscreants rush to plug gap in cyber-crime marketplace

Cybercrooks behind the Sundown Exploit Kit are rapidly updating the hacking tool in a bid to exploit a gap in the market created by the demise of the Angler and Nuclear exploit kits. While RIG and Neutrino have been the primary protagonists in the void left by Angler and Nuclear, Sundown is also vying for an increased share in …
John Leyden, 13 Jul 2016

⌘+c malware smacks Macs, drains keychains, pours over Tor

More malware capable of pilfering Mac keychain passwords and shipping them over Tor has been turned up, less than a day after a similar rare trojan was disclosed. Dubbed Keydnap, the malware is delivered as a compressed Mach-O file with a txt or jpg extension, with a hidden space character which causes it to launch in terminal …
Darren Pauli, 07 Jul 2016

Tell us, evil phisherfolk: What's wrong with Angler Exploit Kit?

Crooks behind exploit kits have switched from using the Angler to favouring Neutrino in recent attacks. “Angler EK has almost completely disappeared,” according to Malwarebytes, a net security firm that has made a name for itself in closely tracking malicious advertising (malvertising) attacks. “We see Neutrino EK take centre …
John Leyden, 13 Jun 2016

Hackers' paradise: Outdated Internet Explorer, Flash installs in enterprises

A quarter of all Windows devices are running outdated and unsupported versions of Internet Explorer, exposing users to more than 700 known vulnerabilities in process. A study by mobile two-factor authentication firm Duo Security released today further reports that three in five (60 per cent) Flash users are running an out-of- …
John Leyden, 10 May 2016

Domination: Crims steal admin logins, infect sites, drop Cryptowall 4

Virus slingers who find themselves unsatisfied by merely ruining computers with ransomware are now first stealing a victim's admin passwords to enslave their websites into attack campaigns. The battery starts with the installation of the Pony malware, which in 2013 stole some two million passwords through its global botnet. …
Darren Pauli, 04 Dec 2015

Blackhole's back: Hated exploit kit returns from the dead

The seemingly long-defunct Blackhole Exploit Kit has resurfaced in a fresh run of drive-by download attacks, according to research carried out by security firm Malwarebytes. The cybercrime tool was widely used by hackers to push malware from compromised websites onto the Windows machines of visiting surfers for years up to …
John Leyden, 18 Nov 2015

3ROS exploit wins plaudits for the prettiest Mal-GUI ever

The 3ROS exploit kit is one of the most user-friendly malware tools to have emerged and will likely spawn variants, malware men say. Exploit kits are the preferred method of infecting large numbers of web users. The malware often packs a series of known and zero day exploits against major browsers and software like Firefox and …
Darren Pauli, 16 Nov 2015

German surfers blitzed by widespread malvertising campaign

German surfers are under attack from multiple directions this week because of a widespread malvertising campaign. Users of eBay.de and subscribers of ISP T-Online.de were confronted with tainted ads after cybercrooks succeeded in pushing malicious traffic through rogue systems. The attacks began after hackers circumvented …
John Leyden, 22 Oct 2015

Redmond yells 'CUT' on Hacking Team horror movie exploit

Another of the exploits against Microsoft Windows that hit as a zero day after Hacking Team was hacked has been fixed. Trend Micro threat bod Kenney Lu says the fix for CVE-2015-2509 was among the 56 of this week's Patch Tuesday bug-splat. Hacking Team's remote code execution exploit works on Windows Vista through to 8 and works …
Darren Pauli, 10 Sep 2015

Imperva demos cloudy man-in-the-middle attack

Dropbox, OneDrive, Google Drive, and Box can be raided via a man-in-the-middle attack, without an attacker needing access to users' plaintext credentials, according to security bods at Imperva. Instead, in this paper [PDF] presented to BlackHat, the company's Application Defense Center says users' local sync folders serve just …

Mozilla loses patience with Flash over Hacking Team, BLOCKS it

Mozilla has temporarily blocked Flash in Firefox while waiting for Adobe to release patches to fix yet more serious security holes in the Swiss-cheese-like plugin. These holes can be exploited by criminals to hijack PCs and infect them with malware; details of the bugs emerged from leaked Hacking Team files. Firefox began …
John Leyden, 14 Jul 2015

SpaceX’s anti-hacker tech powers UK launch of security startup

Infosec 2015: Technology originally developed to keep Chinese hackers from stealing SpaceX's secrets more than a decade ago has become the centrepiece of a browser isolation security startup. Branden Spikes, the chief exec of Spikes Security, spent 15 years as the technological right hand of Elon Musk at startups including PayPal, Tesla and …
John Leyden, 02 Jun 2015

Ebay snuffs malware upload bug

Hacker Aditya Sood has disclosed two vulnerabilities in eBay that allow hackers to upload files for drive-by-download attacks. The security bod (@AdityaKSood) told ThreatPost the flaws allow attackers to upload malicious content that appears to be benign. Once uploaded to eBay, malware can be sent to victims using direct links …
Darren Pauli, 31 Mar 2015

Web protection: A flu mask for the internet

The internet is no longer optional for organisations. It is where business lives. Unfortunately, it is also probably the worst neighbourhood on the planet, filled with cybercriminals, hacktivists, and corporate and state spies. And the internet is both the largest and the smallest neighbourhood. All of these people live just …
Robin Birtstone, 09 Mar 2015

Trouble comes in threes: Yet ANOTHER Flash 0-day vuln patch looming

Adobe plans to patch Flash yet again after yet another zero-day vulnerability in the web video software leaves PCs prone to hijacking. The PSA15-02 security advisory details a security hole that hackers are already exploiting to compromise vulnerable systems. An upcoming update to squash the critical bug makes it three patches …
John Leyden, 02 Feb 2015

Top smut site Flashes visitors, leaves behind nasty virus

A massive malvertising campaign leveraging the recent Adobe Flash zero day vulnerability has surfaced on popular* adult site xHamster, analysts say. The attack served the Bedep Trojan to the site's 500 million viewers a month through a surreptitious exploit on the landing page. It did not take advantage of the Angler exploit …
Darren Pauli, 29 Jan 2015

Popular Science site shrugs off malicious code infection

Surfers visiting Popular Science would be well advised to check their systems following an attack that has left the site compromised and harbouring malicious code. Security firm Websense warns that visiting the site exposed surfers to the RIG exploit kit. The malicious code was removed on Wednesday, but a number of surfers may …
John Leyden, 31 Oct 2014

Monster banking Trojan botnet claims 500,000 victims

Security researchers have uncovered the infrastructure behind one of the largest and most voracious banking Trojan networks uncovered to date. The Qbot (aka Qakbot) botnet apparently infected 500,000 systems before sniffing "conversations" – including account credentials – for a whopping 800,000 online banking transactions. More …
John Leyden, 07 Oct 2014

jQuery site popped to serve malware slop

The jQuery site served credential-stealing malware to scores of users who visited the website on September 18, researcher James Pleger says. The super-popular JavaScript library was used by 30 percent of websites including 70 percent of the 10,000 most popular sites which may have been compromised by the RIG exploit kit. …
Darren Pauli, 24 Sep 2014

Car makers, space craft manufacturers infected with targeted recon tool

Researcher James Blasco is warning the auto and aerospace industries against engineering software that's been compromised by keystroke-logging and reconnaissance malware. Blasco says an un-named provider of such software was compromised after a staffer visited a watering hole website that was established specifically to lure …
Darren Pauli, 03 Sep 2014

KER-CHING! CryptoWall ransomware scam rakes in $1 MEEELLION

Victims of the CryptoWall ransomware have been extorted out of at least $1m. Despite a takedown operation in June, CryptoWall continues to be the largest and most destructive ransomware threat on the internet, according to the latest analysis of the threat by security researchers from Dell SecureWorks Counter Threat Unit. …
John Leyden, 29 Aug 2014

Skiddies turn Amazon cloud into 'crime-as-a-service' – security bod

Amazon Web Services' share of cloud-hosted malware-slingers has more than doubled in the last six months. That's according to NTT subsidiary Solutionary, which revealed the finding in its Q2 2014 Security Engineering Research Team (SERT) report published on Tuesday. The infosec researchers said that, out of the top ten ISPs …
Jack Clark, 17 Jul 2014

Cyber crims smash through Windows into the great beyond

Windows has been a beleaguered piece of software over the years. That is because malicious hackers, like everyone else, want to walk the simplest path to the greatest glory. Microsoft’s operating system has been the most popular one for the past 20 years, so it has attracted the most malware. One IT professional told The …
Tom Brewster, 29 May 2014

Hidden 'Windigo' UNIX ZOMBIES are EVERYWHERE

Hackers using a Trojan seized control of over 25,000 Unix servers worldwide to create a potent spam and malware distribution platform. The attack, dubbed Operation Windigo, was uncovered by security experts at anti-virus firm ESET, in collaboration with CERT-Bund, the Swedish National Infrastructure for Computing, as well as …
John Leyden, 18 Mar 2014

Apple slams shut TEN code execution holes in QuickTime on Windows

Apple has patched security vulnerabilities in the Windows version of its QuickTime media player that allowed malicious video files to execute arbitrary code. The entertainment goliath said version 7.7.5 of QuickTime will fix 10 serious bugs that can be exploited to crash the software or pull off remote-code execution on Windows …
Shaun Nichols, 28 Feb 2014

Fiendish Internet Explorer 10 zero-day targets US soldiers

Cyberspies have used an unpatched vulnerability in Internet Explorer 10 in an exploit which appears to target US military personnel. Among three high-priority updates in the most recent Patch Tuesday (11 February) was a cumulative fix for Explorer which addressed a whopping two dozen different memory corruption vulnerabilities …
John Leyden, 14 Feb 2014

Facebook coughs up $33.5k... its BIGGEST bug bounty EVER

Facebook has awarded its highest bug bounty to date after the discovery of a vuln which could have been used to spray Facebookers with drive-by download-style malware exploits. Brazilian web security researcher Reginaldo Silva earned $33,500 for giving the social network a heads-up about an XML external entity vulnerability …
John Leyden, 24 Jan 2014

Your browser may be up to date: But what about the PLUGINS?

Two in five (39 per cent) of computers submitted for testing to a free browser security test from Qualys were affected by critical vulnerabilities, mostly related to browser plug-ins. The findings, based on 1.4 million BrowserCheck computer scans, paint a picture of e-commerce buyers left wide open to attacks by cybercriminals …
John Leyden, 02 Dec 2013

'Neverquest' bank-robber 'ware throws the whole Trick Book at victims

A new banking trojan that its creators brag can attack “any bank in any country” has already been blamed for several thousand attempts to infect computers. The Neverquest banking trojan supports almost every trick used to bypass online banking security systems, including web injection, remote system access and social engineering …
John Leyden, 29 Nov 2013

Stolen CREDIT CARD details? Nah... crooks desire your PRIVATES

Prices on underground cybercrime marketplaces are dropping, with credit card details now in less demand than the personal data of individuals, according to a new study. And even personal details and bank account credentials are getting cheaper to buy on underground hacker markets, according to a study by Dell SecureWorks’ …
John Leyden, 22 Nov 2013

Darknet: It's not just for DRUGS. Ninja Banking Trojan uses it too

Russian-speaking virus writers have brewed up a stealthy strain of banking Trojan that communicates over peer-to-peer networks using an encrypted darknet protocol that's arguably even stealthier than TOR: I2P. The i2Ninja malware offers a similar set of capabilities to other major financial malware such as ZeuS and SpyEye – …
John Leyden, 21 Nov 2013

Stale Blackhole leads to dried-up spam, claim badhat-probers

Security researchers at Trend Micro reckon that Blackhole, cybercrooks' preferred tool for running drive-by download attacks from compromised websites, is no longer being updated. This means the utility - which was available for rent at around $50 a day - has quickly gone stale. Nature abhors a vacuum, though, and malware- …
John Leyden, 12 Nov 2013

PHP.net resets passwords after malware-flinging HACK FLAP

The team behind popular web programming site PHP.net is in the process of restoring services and tightening security in the aftermath of a hack that exposed visitors to JavaScript-based exploits. Malicious JavaScript code was served to a small percentage of php.net users between 22 and 24 October after two php.net servers were …
John Leyden, 25 Oct 2013

Moscow cops cuff suspect in Blackhole crimeware bust

The infamous Blackhole Exploit Kit has gone dark following the reported arrest in Russia of a suspect whom police believe is linked to the malware. Blackhole has been the preferred tool for running drive-by download attacks and therefore a menace to internet hygiene for the last three years. A suspect linked to Blackhole was …
John Leyden, 10 Oct 2013

Java updates too much of a bother? Maybe online banking's just not for you

Security researchers have spotted a surge in attacks against online banking customers, thanks to a new strain of Java-exploiting Trojan Caphaw (aka Shylock). Over the last month or so the malware has targeted customers in at least 24 financial institutions, including Bank of Scotland, Barclays Bank, First Direct, Santander …
John Leyden, 23 Sep 2013

Beware the ad-punting crapware-laden Firefox, warn infosec bods

Internet users looking for a US Green Card are at risk of being conned by a fake advert into installing an adware-laden version of Firefox, security researchers have warned. The ruse was spotted over the weekend after it began appearing in online ads peddling supposed US Green Card lotteries. Regardless of what make or version …
John Leyden, 13 Aug 2013

Patch Tuesday: And EVERY version of IE needs fixing AGAIN

June's Black Tuesday patch update from Microsoft has rolled into town with five bulletins, including a solitary critical update that tackles flaws in all supported versions of Internet Explorer. The IE update (MS13-047) grapples with 19 vulnerabilities and covers all versions of IE, from IE6 to IE10, on all supported versions of …
John Leyden, 12 Jun 2013
The Register breaking news

Cyberthugs put YOUR PC to work as Bitcoin-mining SLAVE

The recent volatility in the value of Bitcoins hasn't prevented cybercriminals from cooking up new ways to distribute malware engineered to mine the currency using compromised computers. Security researchers at ThreatTrack Security have uncovered examples where the infamous Blackhole exploit kit is being used to distribute a …
John Leyden, 18 Apr 2013

Microsoft to slap 9 patches on Windows junkies on Tuesday

Microsoft is lining up nine patches - two critical - as part of the April edition of its regular Patch Tuesday update cycle. The nine bulletins due on 9 April affect all versions of Windows, some Office and Server components as well as Windows Defender on Windows 8 and RT. The first of the two critical updates covers all …
John Leyden, 05 Apr 2013

Cyberspies send ZOMBIES to steal DRUGS from medical research firms

Cyber-espionage crews have been targeting the lucrative medical and life science industries using custom malware and spear-phishing, according to new research. According to a current US counterintelligence report which it delivered to US Congress, healthcare services and medical equipment are expected to be two of the five …
John Leyden, 21 Mar 2013

Black Tuesday patchfest: A lot of digits plug security dykes

Microsoft carried out a fairly comprehensive spring cleaning of vulnerabilities on Tuesday, fixing 20 vulnerabilities with seven bulletins, four of which are rated critical. Heading the critical list is an update for Internet Explorer (MS13-021) that tackles nine vulnerabilities, including a zero-day vulnerability in IE 8. " …
John Leyden, 13 Mar 2013

Get up, shake off the hangover: These 57 Microsoft holes won't fix themselves

A bumper Microsoft Patch Tuesday has rolled out 12 security bulletins that collectively address a hefty 57 vulnerabilities. Five of these bulletins reveal critical holes in the software giant's products: one bulletin (MS13-009) covers 13 bugs found in Internet Explorer, while another (MS13-016) tackles a privilege-escalation …
John Leyden, 13 Feb 2013

Adobe muzzles TWO zero-day wild things with emergency Flash patches

Updated: Adobe published a critical Flash Player update on Thursday that fixes not just one but two zero-day flaws, both under active attack by hackers. Both Windows and Mac users are in the firing line. One of the vulnerabilities (CVE-2013-0633) is being harnessed in targeted attacks designed to trick marks into opening a Microsoft Word …
John Leyden, 08 Feb 2013

Microsoft techies bust data centres, pull plug on Bamital botnet

The Bamital web-search-hijacking botnet has been taken down by security researchers from Microsoft and Symantec with help from the Feds. The crack unit raided a number of data centres where the botnet's servers were located. Bamital malware intercepted victims' search requests - including those sent to Google, Yahoo! and …
John Leyden, 07 Feb 2013

Happy now? Mobiles, cloud, big data now 'a growing security risk'

Innovations in mobile and cloud computing, social technology and the use of "big data" present an emerging risk to organisations' IT security, experts have warned. The European Network and Information Security Agency (ENISA), which is an EU advisory body, said that those technologies would increasingly provide the platform for …
OUT-LAW.COM, 11 Jan 2013

Microsoft Santa gifts you with 5 critical fixes in Xmas Patch Tuesday

December's Patch Tuesday brought seven bulletins from Microsoft, five of which cover critical security vulnerabilities. A critical update for MS Word (MS12-079) is rated by security watchers as the most important of the batch. A flaw in Rich Text Format (RTF) processing poses a severe risk because Microsoft Outlook automatically …
John Leyden, 12 Dec 2012

Firefox and Opera squish big buffer overflow bugs

It's time to update alternative browser software again, with new releases of Firefox and Opera out this week. Firefox 17, released Tuesday, features improved support for social networking functions, such as Facebook Messenger, as well as new features to prevent blacklisted extensions from running without user permission. Support …
John Leyden, 22 Nov 2012

Evildoers can now turn all sites on a Linux server into silent hell-pits

An advanced Linux malware strain can automatically hijack websites hosted on compromised servers to attack web surfers with drive-by-downloads. The software nasty targets machines running 64-bit GNU/Linux and a web server, and acts like a rootkit by hiding itself from administrators. A browser fetching a website served by the …
John Leyden, 21 Nov 2012

Opera site served Blackhole malvertising, says antivirus firm

Opera has suspended ad-serving on its portal as a precaution while it investigates reports that surfers were being exposed to malware simply by visiting the Norwegian browser firm's home page. Malicious scripts loaded by portal.opera.com were redirecting users towards a malicious site hosting the notorious BlackHole exploit kit …
John Leyden, 15 Nov 2012