New browser hijacker/click fraud malware threatens Windows users
Posted on 14.05.2014
In its latest Security Intelligence Report, Microsoft has noted that malware designed to make money for the attacker via click fraud, performing Bitcoin mining, and redirecting search results, has been plentiful in the last quarter of 2014.


Cyber crooks seem to love that type of malware, as if often lays undetected on the victims' computer, and makes money for them steadily and easily - they don't have to sell stolen data on underground forums, or risk being tied to direct extortion such as with ransomware.

Now, there are long-standing malware families of this kind that have proven to be extremely hardy and have been around for years, but new ones pop up all the time.

Take for example the Miuref, a piece of malware that hijacks browsers and search results. First detected in December 2013, the malware is spread via a number of vectors: spam emails, social engineering approaches trying to convince users to run its installer (the commercially available and legitimate Nullsoft installer), and via dropper Trojans.

According to Microsoft research, Miuref is capable of doing several things:
  • Report back to a C&C server and deliver information about the infected system
  • Install Chrome and Firefox extensions that redirect web searches to pages controlled by the attacker
  • Achieve the same for Internet Explorer via code injection
  • Perform click fraud by running additional hidden Internet Explorer processes, and sending clicks to online ads that appear to come from the pages controlled by the attacker
  • Download and run additional malware.
All in all, it's a well-rounded piece of malware that can do much harm to the users.

Microsoft's Security Essentials and Windows Defender (on Windows 8) detect it, so if you use those protections, keep them updated and/or active.









Spotlight

The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Aug 29th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //