Ad Bidding Network Abused for Ransomware Delivery in “Fessleak” Attacks

  • 5 February 2015
  • 1 reply
  • 207 views

By Eduard Kovacs on February 05, 2015

Researchers at Invincea have been monitoring a malvertising campaign in which malicious actors leveraged Adobe Flash Player exploits and file-less infections to deliver ransomware.

The campaign, dubbed “Fessleak” based on the email address used to register the domains involved in the attack, appears to be the work of Russian cybercriminals.

In the first phase of the operation, the attackers register a so-called “burner” domain whose DNS is set up to be live for just 8 hours. This domain is then pointed to a hardened malicious landing page that is set up to serve ransomware. In order to get users to this landing page, the cybercrooks use real-time ad bidding to promote the burner domain.

Real-time bidding allows advertising buyers to bid on an impression. If the bid is won, their ad is instantly displayed on the publisher’s website. Full Article
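The burner domains described above are only live for about 8 hours, which is exactly the property a defender can key on: a request to a domain that the organisation's resolver or passive-DNS feed has never seen before, or first saw a few hours ago, deserves a closer look regardless of which ad network served it. The following is an added example, not code from Invincea or from the article; it runs a newly-observed-domain check over constructed proxy log lines with a constructed first-seen table (all `.test` hostnames and timestamps are made up for illustration).

```python
"""Newly-observed-domain check over constructed web-proxy log lines.

Added example, not code from the quoted articles. Assumes a simple
space-separated proxy log (timestamp, client IP, host, path) and a
first-seen table keyed by registrable domain; both are constructed here.
"""
from datetime import datetime, timedelta

# Constructed proxy log lines: "<ISO timestamp> <client> <host> <path>"
SAMPLE_LOG = """\
2015-02-05T09:00:00 10.0.0.12 www.example-news.test /index.html
2015-02-05T09:00:02 10.0.0.12 cdn.adnetwork-example.test /rtb/creative.swf
2015-02-05T09:00:03 10.0.0.12 promo-x7q2.burner-example.test /landing
2015-02-05T09:00:05 10.0.0.12 promo-x7q2.burner-example.test /payload.swf
2015-02-05T09:00:07 10.0.0.12 www.example-news.test /article/2
"""

# Constructed first-seen table: when our resolver / passive DNS first saw each domain.
FIRST_SEEN = {
    "example-news.test": datetime(2012, 3, 1, 0, 0, 0),
    "adnetwork-example.test": datetime(2013, 6, 14, 0, 0, 0),
    "burner-example.test": datetime(2015, 2, 5, 7, 30, 0),
}

# Fessleak burner domains stayed live for roughly 8 hours; treat anything
# first seen within the last day as "new" (threshold is an assumption).
NEW_DOMAIN_WINDOW = timedelta(hours=24)


def registrable_domain(host: str) -> str:
    """Reduce a hostname to its last two labels.

    Toy approximation of eTLD+1; a production system should consult the
    public suffix list so that e.g. 'example.co.uk' is handled correctly.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def parse_line(line: str) -> dict:
    """Split one constructed log line into its fields."""
    ts, client, host, path = line.split(maxsplit=3)
    return {"ts": datetime.fromisoformat(ts), "client": client, "host": host, "path": path}


def find_new_domain_hits(log_text: str, first_seen: dict, window: timedelta = NEW_DOMAIN_WINDOW):
    """Return (timestamp, client, domain, age) for every request to a domain
    first seen within `window` of the request. A domain missing from the
    first-seen table has never been observed, so it is treated as age zero.
    """
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        domain = registrable_domain(rec["host"])
        seen = first_seen.get(domain)
        age = rec["ts"] - seen if seen is not None else timedelta(0)
        if age <= window:
            hits.append((rec["ts"].isoformat(), rec["client"], domain, age))
    return hits


def summarize(hits) -> dict:
    """Collapse hits into a per-domain request count suitable for one alert."""
    counts = {}
    for _, _, domain, _ in hits:
        counts[domain] = counts.get(domain, 0) + 1
    return counts


if __name__ == "__main__":
    hits = find_new_domain_hits(SAMPLE_LOG, FIRST_SEEN)
    for ts, client, domain, age in hits:
        print(f"{ts} {client} -> {domain} (domain first seen {age} before this request)")
    print(summarize(hits))
```

On the constructed sample the two requests to `burner-example.test` are flagged (the domain was first seen 90 minutes earlier) while the publisher and ad-network domains, both years old, pass. Domain age alone is a weak signal on its own, so in practice it is combined with others, for instance the content type served by the new domain or whether the request was reached via an ad redirect chain.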

A lot more information here.

by Pierluigi Paganini on February 6th, 2015

Invincea has been monitoring the Fessleak campaign in which hackers leveraged Adobe Flash Player exploits and file-less infections to serve ransomware.

Security experts from Invincea are investigating a new ransomware campaign that originated in Russia and presented many interesting characteristics. The researchers discovered that the attacks started by using file-less infections, then moved to the exploitation of zero-day vulnerabilities in Adobe’s Flash Player.

The threat actors identified the ransomware as Kovter; attackers are spreading it from an advertising network that managed ad groups on a number of popular websites.

http://securityaffairs.co/wordpress/wp-content/uploads/2015/02/fessleak-infographic-PSD-2-5-15_v2-383x1024.png
“It is important to note that the sites from which the malvertising were delivered are by and large unaware that their sites were used for delivering malware, and largely unable to do anything about it,” confirmed Invincea.

Full Article