New browser hijacker/click fraud malware threatens Windows users
Posted on 14.05.2014
In its latest Security Intelligence Report, Microsoft has noted that malware designed to make money for the attacker via click fraud, performing Bitcoin mining, and redirecting search results, has been plentiful in the last quarter of 2014.

Cyber crooks seem to love that type of malware, as if often lays undetected on the victims' computer, and makes money for them steadily and easily - they don't have to sell stolen data on underground forums, or risk being tied to direct extortion such as with ransomware.

Now, there are long-standing malware families of this kind that have proven to be extremely hardy and have been around for years, but new ones pop up all the time.

Take for example the Miuref, a piece of malware that hijacks browsers and search results. First detected in December 2013, the malware is spread via a number of vectors: spam emails, social engineering approaches trying to convince users to run its installer (the commercially available and legitimate Nullsoft installer), and via dropper Trojans.

According to Microsoft research, Miuref is capable of doing several things:
  • Report back to a C&C server and deliver information about the infected system
  • Install Chrome and Firefox extensions that redirect web searches to pages controlled by the attacker
  • Achieve the same for Internet Explorer via code injection
  • Perform click fraud by running additional hidden Internet Explorer processes, and sending clicks to online ads that appear to come from the pages controlled by the attacker
  • Download and run additional malware.
All in all, it's a well-rounded piece of malware that can do much harm to the users.

Microsoft's Security Essentials and Windows Defender (on Windows 8) detect it, so if you use those protections, keep them updated and/or active.


Most IT pros have seen potentially embarrassing information about their colleagues

More than three-quarters of IT professionals have seen and kept secret potentially embarrassing information about their colleagues, according to new research conducted by AlienVault.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Wed, Feb 10th