Malware Attacks Against Mac
Two malware attack campaigns are leveraging the convoluted underpinnings of the internet economy to find malware victims. One is a large-scale exploit kit campaign designed to bypass traditional safeguards, such as ad blockers, and the other uses web redirects to target Mac users. According to Cisco Talos, malware is spreading by an infected toolbar that is downloaded during a bundled software installation. In the other campaign, Cisco discovered a website redirecting Safari browsers to a domain with a malicious Flash Player installer. Internet advertising is a highly complex system that is ripe for abuse, this is an issue that should not be ignored by the public, as these malicious ads can deliver malware out of nowhere and trick users who may not be aware of the threats that exist on some pages.
In the current attack, hackers are preying on people looking for online security software. A web search can result in a variety of results, from the legitimate and expensive to the questionable and free programs. One of those results could lead to a site like USB Guardian. USB Guardian pretends to be software designed to prevent you from getting infected with a worm and scans USB devices. However, when a user downloads USB Guardian, a toolbar called Best Security Tips will also be installed. The toolbar is the source of the malicious activity.
Talos researchers said that the toolbar starts a series of web requests immediately after installation. The first request is to an ad network called daily ads. The toolbar changes the browser homepage and default search engine, allowing hackers to change search results and other activities to promote click fraud and excessive advertising, which can lead to more damaging results including malware infection. These changes allow the ad networks to push content onto end systems with higher success.
So far, it hit a wide variety of sites from news to design, music, racing and popular culture. Researchers observed sites with malicious ads ranging as high as in the top 5,000 websites, according to Alexa. Malvertising is an attractive attack method for hackers because it offers a large potential victim pool compared to other ways. When leveraging a compromised website to deliver exploits, the victim pool is confined to only people navigating to that website. With malvertising, hackers can hit a much larger pool of different victims in different locations. Also, a hacker using a compromised website to deliver an exploit kit creates a single point of failure, the compromised site. The samemalvertising campaign, on the other hand, has multiple different entry points from a variety of both related and unrelated web pages, making mitigation more difficult.
Internet advertising is one of the biggest battlegrounds on the threat landscape for attacks delivering malicious content around the world. Both businesses and consumers need to be prepared and make a decision on how aggressive they want to be on blocking it. It's a unique challenge since the risk is eliminating large amounts of free content on the internet as it becomes more difficult to generate revenue from that content. These are just a couple of the major issues we will be forced to confront over the next several years.