Are You Vulnerable?

Two Malicious Web Campaigns You Should Know About

Angler is a sophisticated, malicious attack tool known as an exploit kit (EK). Users are redirected to landing pages hosting the Angler EK, which scans their browsers for vulnerabilities in plug-ins such as the Adobe Flash plug-in. Angler EK then infects computers with a variety of malware, including Trojans and even ransomware, a particularly insidious kind of malware that forces users to pay cybercriminals large sums of money to remove the malware from their computer.


How Angler Infiltrates Computer Systems

A website employing Angler EK typically consists of text that appears to legitimize the site, deobfuscation of malicious scripts and a landing page containing encrypted strings and URLs that lead to multiple exploits incorporated in the EK. In addition, Angler employs web debugging proxy and antivirus detection to avoid being suppressed by virtualization solutions. These protections make it hard for security researchers to investigate the evolving nature of the Angler EK. Furthermore, Angler uses encrypted URL paths, scrambling letters to encrypt and decrypt them.

Fileless Infection

When Angler succeeds in exploiting vulnerabilities in a user’s system, malware travels rapidly through a network where it is vigorously encrypted and decrypted, an advanced infection technique making detection of Angler malware even more difficult. Further, Angler is infamous for using fileless droppers (fileless infections) that run from memory. A dropper known to be used by Angler is actually a non-malicious downloader, or a dropper that primarily downloads and executes numerous kinds of malware.

Compounding the power of Angler is the fact that this EK is usually the first EK to integrate the newest exploits, which strongly emphasizes the need for state-of-the-art security solutions providing rigorous protection against Angler’s detection abilities. To prevent your computer systems from being compromised by Angler EK, email service@tcsdepere.com or call (920) 569-2681 to speak with Total Computing Solutions today. You can learn more about the latest anti-malware tools capable of preventing Angler and other EKs from holding your computer for ransom.

Yet Another Malicious Web Campaign: Typosquatting

If you have ever typed the wrong URL and landed on what appears to be an actual website, that website may not be the one you expected to land on. For example, typing www.whiteehouse.gov (accidentally adding an extra “e”) may take you to a website that seems to be the official website of the White House but, in reality, is a fake site rife with viruses and malware just waiting to perform a blitzkrieg on your system.

Since you think you’ve reached the White House website, you continue clicking links, downloading interesting stuff and inadvertently infesting your system with all kinds of malicious bugs. Sometimes, typosquatting involves phishing scams that urge you to input all kinds of juicy personal details for the purpose of facilitating identity theft for cybercriminals. Typosquatters tend to focus on domain names of financial institutions, credit card companies and e-commerce businesses that users assume would be safe places to key in bank account information or other confidential information. Of course, cybercriminals love nothing more than to gain access to highly personal data.
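As an added illustration (not part of the original article), the Python code below shows how a defender could flag typosquatted hostnames such as the www.whiteehouse.gov example above in DNS or proxy logs. It goes slightly beyond the extra-letter case by also catching swapped letters and a changed top-level domain; the protected-domain list, sample hostnames and function names are assumptions made for the example.

```python
# Added example (constructed data): flag lookalike hostnames seen in DNS or proxy logs.
PROTECTED = ("whitehouse.gov", "example-bank.com")
SAMPLE_HOSTS = ["www.whitehouse.gov", "www.whiteehouse.gov", "whitehuose.gov",
                "whitehouse.com", "news.example.org"]


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cur[j] = min(prev[j] + 1,               # delete from a
                         cur[j - 1] + 1,            # insert into a
                         prev[j - 1] + (ca != cb))  # substitute
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)  # swapped neighbours
        prev2, prev = prev, cur
    return prev[-1]


def normalize(host):
    """Lower-case, drop a trailing dot and a leading 'www.' label."""
    host = host.strip().lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def check_host(host, max_distance=1):
    """Return (protected_domain, reason) for a near miss, else None."""
    name = normalize(host)
    if name in PROTECTED:
        return None  # exact match: the genuine site
    for good in PROTECTED:
        if name.rpartition(".")[0] == good.rpartition(".")[0]:
            return good, "tld-swap"  # same name, different top-level domain
        dist = osa_distance(name, good)
        if dist <= max_distance:
            return good, f"edit-distance-{dist}"
    return None


def flag_lookalikes(hosts, max_distance=1):
    """Map each suspicious hostname to the protected domain it imitates."""
    checked = ((h, check_host(h, max_distance)) for h in hosts)
    return {h: r for h, r in checked if r}


if __name__ == "__main__":
    print(flag_lookalikes(SAMPLE_HOSTS))
```

Legitimate subdomains of a protected domain are not flagged because their distance from the bare domain exceeds the threshold; a production list would also need the organization's other real domains added to PROTECTED.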

Is Your Company’s System Protected?

You can block malicious drive-by downloads like Angler and typosquatting by ensuring your business has the proper IT security solutions in place. Learn more about how our managed services can help by emailing service@tcsdepere.com or calling (920) 569-2681 to speak with Total Computing Solutions today.