Researchers warn about schemes that lead to FlashPack exploit kit
Posted on 26.08.2014
Security researchers have spotted two different online schemes that lead to pages hosting the FlashPack exploit kit.

The first one relies on users visiting a compromised SourceForge sub-domain, where a JavaScript file redirects them to the website hosting the exploit kit. The kit then serves a malicious Flash file that exploits a vulnerability to download and install a variant of the Carberp trojan.

Malwarebytes' Jerome Segura doesn't say how the users are lured or redirected to the compromised site.

The second scheme is centered around a specific add-on that adds social media sharing buttons to websites.

The add-on in question comes in the form of a few lines of JavaScript code that have to be added to the site's code, and can be freely downloaded from the add-on's website.

The problem is that for the add-on to function as intended, a JavaScript file from the home page of the add-on is loaded.

"This alone should raise red flags: it means that the site owner is loading scripts from an external server not under their control," pointed out Joseph Chen, a fraud researcher with Trend Micro.

"It's one thing if it loads scripts on trusted sites like Google, Facebook, or other well-known names; it's another thing to load scripts on little-known servers with no name to protect."

And, as it turns out, this particular script is malicious. "On certain sites, instead of the original add-on script, the user is redirected to the script of FlashPack," Chen notes, adding that one of these sites is a free blogging site popular in Japan.

As before, the exploit kit serves Flash exploits which, if successful, download the Carberp trojan on the victim's computer.

According to Trend Micro, some 66,000 users - mostly in Japan - have been successfully targeted with this last scheme.

Among the vulnerabilities exploited by the kit is the CVE-2014-0497 Flash vulnerability, which was patched earlier this year. Unfortunately, a lot of people aren't good at keeping their software updated.
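
For site owners who want to check for the exposure Chen describes (scripts loaded from servers they do not control), the following is an added example, not code from Trend Micro, Malwarebytes or the add-on. It lists every externally hosted script on a page and flags those from unreviewed hosts, without a Subresource Integrity pin, or loaded over plain HTTP; the host names, sample markup and `audit` helper are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class ScriptAudit(HTMLParser):
    """Collect <script src=...> tags served from a host other than the page's own."""
    def __init__(self, page_url, trusted_hosts=()):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlsplit(page_url).hostname
        self.trusted = {h.lower() for h in trusted_hosts}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        a = dict(attrs)
        src = a.get("src")
        if not src:
            return  # inline script: no external fetch
        # urljoin resolves relative paths and protocol-relative //host/ URLs
        url = urljoin(self.page_url, src.strip())
        parts = urlsplit(url)
        host = parts.hostname or ""
        if host == self.page_host:
            return  # first-party script
        issues = []
        if host not in self.trusted:
            issues.append("host-not-reviewed")
        if not a.get("integrity"):
            issues.append("no-integrity-pin")  # browser cannot detect a swapped file
        if parts.scheme != "https":
            issues.append("not-https")
        if issues:
            self.findings.append((url, issues))

def audit(html, page_url, trusted_hosts=()):
    parser = ScriptAudit(page_url, trusted_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page; all hosts are placeholders.
SAMPLE = """<html><head>
<script src="/js/site.js"></script>
<script src="//widgets.example.net/share.js"></script>
<script src="https://cdn.example.org/lib.js" integrity="sha384-PLACEHOLDER"></script>
<script src="http://cdn.example.org/old.js"></script>
<script>var inline = 1;</script>
</head></html>"""
```
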









COPYRIGHT 1998-2014 BY HELP NET SECURITY.