HackDig : Dig high-quality web security articles for hacker

The ransomware of Christmas present: 60,000 hooked by festive imagery

2015-12-23 23:00

At this time of year the bad guys are trying every trick under the sun to catch you out.

And I’m not just talking about those retail outlets thrusting sale after discount after sale under your nose!

Or the shyster who ruined a disabled girl’s Christmas by stealing not only her presents, but also her much loved and much needed wheelchair.

Nope, the online baddies are out in full force too, trying to trick and bamboozle their way past your defences (you do have those, right?) to get at your banking logins and your personal information.

But hopefully none of you have been caught out by such sneaky ruses as the bogus courier email, or other bogus email links, so well described by Paul Ducklin over at my old haunt.

You haven’t?

Excellent, give yourself a pat on the back.

Mind you, those tricks are so common nowadays that most people are wise to them.

But another trick that’s appeared recently, that may catch a few people out, is a website that, at first glance, may appear to be getting into the festive spirit by offering free Christmas imagery to download.

But, bah humbug, it’s not quite what it seems.

Websense explains why Santa’s grotty grotto is a party pooper as a second glance at what its peddling reveals that with the free images comes another gift which is also free, but not quite as welcome: the Angler exploit kit.

The website in question – christmas-graphics-plus[dot]com – has, unfortunately, been injected with the malware kit which itself comes bearing gifts in the form of CryptoWall 4.0, a rather nasty piece of ransomware.

The site is injected with an HTML iFrame that leads to a malicious Traffic Direction System (TDS) which determines whether or not the user should be sent on to more malicious code. Factors in determining this include: browser User-Agent, IP address and referring website. For example, somebody using Internet Explorer on an IP address that has not been seen before is considered a good candidate, whereas a user browsing from Google Chrome might not be targeted at all.

The popularity of the website at this time of year has led to an estimated 60,000 victims who are now presumably frantically restoring their devices from their regularly checked backups (yeah, right,) or contemplating shelling out $500 in bitcoin (don’t do it folks, you’ll end up on a list of suckers and just get targeted all the more) to get their data back.

Either way, those Christmas images have likely ruined a good few parties as they suck up their victims’ time, money and/or sanity.

As Nicholas Griffin at Websense says,

Attackers are becoming increasingly intelligent, choosing to compromise websites that they know will be popular during holidays and special occasions.

Without adequate protection or updates to your software, you remain particularly vulnerable to these sorts of attacks which will occur in the background and do not require any user interaction.

Remember: software updates are for life and not just for Christmas, so make sure you are always up to date!

And don’t forget the backups!

Christmas is a special time, filled with family gatherings and wonderful memories, not to mention precious photos and videos.

You wouldn’t want to lose them, would you?


Source: 3192=p?/hctawytiruces/ei.gnitlusnochb

Read:2132 | Comments:0 | Tags:Information Security News

“The ransomware of Christmas present: 60,000 hooked by festive imagery”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud