Wave of business websites hijacked to deliver crypto-ransomware

itman · Jul 21, 2016

Eset to the rescue again

In this recent wave of compromises, SoakSoak planted code that redirects visitors to a website hosting the Neutrino Exploit Kit, a "commercial" malware dropping Web tool sold through underground marketplaces. The latest string of compromises appears to have begun in May. But since then, both the malware kit and the ransomware have been upgraded. The latest version of the exploit kit attempts to evade security software or virtual machines.

"Once a victim is redirected to the Neutrino Exploit Kit, the endpoint is scanned to check if it is using any security software such as VMWare, Wireshark, ESET, Fiddler, or a Flash player debugging utility," Pat Belcher of the endpoint security software vendor Invincea wrote in a blog post. "If those programs are not present on the victim host, the Command Shell is opened and the windows utility of Wscript is accessed to download the ransomware payload from a Command and Control server."
Click to expand...

Ref.: http://arstechnica.com/information-...l&utm_source=facebook.com&utm_campaign=buffer

root_access · Jul 22, 2016

Kind of crappy for malware analysts cos it will require some work to set up an environment but what an easy way to evade getting infected

NormanF · Jul 22, 2016

Again, disable WSH to block a drive-by download vector.

Log in or Sign up

Wave of business websites hijacked to deliver crypto-ransomware

itman Registered Member

root_access Registered Member

NormanF Registered Member

Log in or Sign up

Wave of business websites hijacked to deliver crypto-ransomware

itman Registered Member

root_access Registered Member

NormanF Registered Member

Useful Searches