Hackers used Yahoo’s Ad network to infect an unknown (to the public) number of users over a 7 day period. The attack started July 28th and targeted a number of Yahoo’s heavily trafficked sports, news and finance websites.
The attack was first uncovered by Malwarebytes. Once users visited one of the pages that was sending out the malware banners, the Windows machines were automatically infected. Infected machines were either held for ransom by the attackers or silently directed to other sites which paid the hackers for additional traffic.
It is believed that the attackers were using Flash exploits uncovered with the release of HackingTeam’s data. Once again, if you can live without Flash, you should.
Researchers at TrendLabs have identified new attack vectors for the Flash vulnerabilities uncovered in the HackingTeam leak. Instead of targeting users through phishing campaigns that direct them to websites hosting malicious content, the team has found Flash malware embedded in Office documents.
This is a change: Microsoft Office attachments more commonly carry macros and similar content that targets the Office suite itself, sometimes reaching out from there to fetch additional pieces of malware. In these new instances, the Office document merely transports an embedded Flash exploit. If the exploit succeeds, it is used to download the actual malware payload.
In HackingTeam's version of this attack method, the embedded Flash file would in turn download the exploit.
To make detection more difficult, HTTPS is used to encrypt the network traffic, and at times the malware used is encrypted with a random 4-byte key.
As always, it is best to keep Flash up to date and either choose “click-to-play” in your browser or disable Flash entirely. These controls only work against attacks that use Flash in the browser; Flash embedded in Microsoft Office documents is not covered by them. Completely disabling or removing Flash from the system is a better solution. Windows users can also set the ActiveX kill bit to prevent the Flash control from running.
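As an added illustration of the Office-document vector described above (example code, not from the original article or from TrendLabs), the following Python script scans an OOXML document for the two artifacts an embedded Flash object leaves behind: an ActiveX part referencing the well-known Shockwave Flash CLSID, and an SWF file signature inside an embedded OLE blob. The sample document it scans is constructed inline.

```python
import io
import re
import zipfile

# CLSID of the Shockwave Flash ActiveX control (the same control an IE
# kill bit would target). Matched case-insensitively inside XML parts.
FLASH_CLSID = "D27CDB6E-AE6D-11CF-96B8-444553540000"
# An SWF starts with FWS (uncompressed), CWS (zlib) or ZWS (LZMA) followed
# by a one-byte version. Constraining the version byte limits false
# positives when the SWF sits inside an OLE container rather than at offset 0.
SWF_MAGIC = re.compile(rb"(?:FWS|CWS|ZWS)[\x01-\x40]")


def scan_ooxml(data: bytes) -> list:
    """Return (part name, indicator) pairs for an OOXML file given as bytes."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            blob = zf.read(name)
            if name.lower().endswith(".xml"):
                text = blob.decode("utf-8", "ignore").lower()
                if FLASH_CLSID.lower() in text:
                    findings.append((name, "flash-activex-clsid"))
            if SWF_MAGIC.search(blob):
                findings.append((name, "swf-signature"))
    return findings


def build_sample(with_flash: bool = True) -> bytes:
    """Constructed sample: a minimal docx, optionally carrying a Flash
    ActiveX part and an OLE blob with an SWF header buried inside."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_flash:
            zf.writestr(
                "word/activeX/activeX1.xml",
                '<ax:ocx xmlns:ax="http://schemas.microsoft.com/office/2006/activeX" '
                'ax:classid="{D27CDB6E-AE6D-11CF-96B8-444553540000}" '
                'ax:persistence="persistPropertyBag"/>',
            )
            # Fake OLE container: padding, then a zlib-compressed SWF header.
            swf = b"CWS\x0f" + (16).to_bytes(4, "little") + b"\x00" * 8
            zf.writestr("word/embeddings/oleObject1.bin", b"\x00" * 64 + swf)
    return buf.getvalue()


if __name__ == "__main__":
    for part, indicator in scan_ooxml(build_sample()):
        print(f"{part}: {indicator}")
```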
- New vulnerabilities have been found within Android that are not known to be actively exploited
- The vulnerabilities are tied to media playback tools and indexers
- Patches for Stagefright should begin to be released the week of 8/2/15
Recently a security researcher revealed a series of high-severity vulnerabilities in the native Android media player, Stagefright. The vulnerabilities carry serious security implications: an attacker could exploit them to remotely control a device and steal data from it by sending the victim a multimedia message (MMS) packaged with an exploit, or by directing the victim to a website that contains the exploit.
Continue reading What you need to know about the “Stagefright” and “Matroska” Android Vulnerabilities