tao Posted October 12, 2017 Share Posted October 12, 2017 Malware researcher encounters bogus download links during multiple visits. In May credit reporting service Equifax's website was breached by attackers who eventually made off with Social Security numbers, names, and a dizzying amount of other details for some 145.5 million US consumers. For several hours on Wednesday the site was compromised again, this time to deliver fraudulent Adobe Flash updates, which when clicked, infected visitors' computers with adware that was detected by only three of 65 antivirus providers. Randy Abrams, an independent security analyst by day, happened to visit the site Wednesday evening to contest what he said was false information he had just found on his credit report. Eventually, his browser opened up a page on the domain hxxp:centerbluray.info that looked like this: He was understandably incredulous. The site that previously gave up personal data for virtually every US person with a credit history was once again under the control of attackers, this time trying to trick Equifax visitors into installing crapware Symantec calls Adware.Eorezo. Knowing a thing or two about drive-by campaigns, Abrams figured the chances were slim he'd see the download on follow-on visits. To fly under the radar, attackers frequently serve the downloads to only a select number of visitors, and then only once. Abrams tried anyway, and to his amazement, he encountered the bogus Flash download links on at least three subsequent visits. The picture above this post is the higher-resolution screenshot he captured during one visit. He also provided the video below. It shows an Equifax page redirecting the browser to at least four domains before finally opening the Flash download at the same centerbluray.info page.... Please read the full article, if interested, here. Link to comment Share on other sites More sharing options...
tao Posted October 12, 2017 Author Share Posted October 12, 2017 Equifax reportedly takes down web page after report of another hack Link to comment Share on other sites More sharing options...
Rainmaker Posted October 12, 2017 Share Posted October 12, 2017 They haven't locked down their site yet? Maybe you shouldn't hire a "masters in fine arts" and "music composition" person as your Chief Security Officer. Unbelievable. These people just go off into retirement with their golden parachutes and live happily ever after, as we try to salvage the damage. This comes after the disclosure that all 3 billion user accounts at Yahoo were compromised. Where is the culpability with these companies? \\R Link to comment Share on other sites More sharing options...
n0entry Posted October 16, 2017 Share Posted October 16, 2017 On 2017-10-12 at 5:19 PM, adi said: Malware researcher encounters bogus download links during multiple visits. In May credit reporting service Equifax's website was breached by attackers who eventually made off with Social Security numbers, names, and a dizzying amount of other details for some 145.5 million US consumers. For several hours on Wednesday the site was compromised again, this time to deliver fraudulent Adobe Flash updates, which when clicked, infected visitors' computers with adware that was detected by only three of 65 antivirus providers. Randy Abrams, an independent security analyst by day, happened to visit the site Wednesday evening to contest what he said was false information he had just found on his credit report. Eventually, his browser opened up a page on the domain hxxp:centerbluray.info that looked like this: He was understandably incredulous. The site that previously gave up personal data for virtually every US person with a credit history was once again under the control of attackers, this time trying to trick Equifax visitors into installing crapware Symantec calls Adware.Eorezo. Knowing a thing or two about drive-by campaigns, Abrams figured the chances were slim he'd see the download on follow-on visits. To fly under the radar, attackers frequently serve the downloads to only a select number of visitors, and then only once. Abrams tried anyway, and to his amazement, he encountered the bogus Flash download links on at least three subsequent visits. The picture above this post is the higher-resolution screenshot he captured during one visit. He also provided the video below. It shows an Equifax page redirecting the browser to at least four domains before finally opening the Flash download at the same centerbluray.info page.... Please read the full article, if interested, here. which other 3 antivirus programmes defeted it. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.