Slashdot Mirror
New Stegano Exploit Kit Hides Malvertising Code In Banner Pixels (bleepingcomputer.com)
An anonymous reader quotes a report from BleepingComputer: For the past two months, a new exploit kit has been serving malicious code hidden in the pixels of banner ads via a malvertising campaign that has been active on several high profile websites. Discovered by security researchers from ESET, this new exploit kit is named Stegano, from the word steganography, which is a technique of hiding content inside other files. In this particular scenario, malvertising campaign operators hid malicious code inside PNG images used for banner ads. The crooks took a PNG image and altered the transparency value of several pixels. They then packed the modified image as an ad, for which they bought ad displays on several high-profile websites. Since a large number of advertising networks allow advertisers to deliver JavaScript code with their ads, the crooks also included JS code that would parse the image, extract the pixel transparency values, and using a mathematical formula, convert those values into a character. Since images have millions of pixels, crooks had all the space they needed to pack malicious code inside a PNG photo. When extracted, this malicious code would redirect the user to an intermediary ULR, called gate, where the host server would filter users. This server would only accept connections from Internet Explorer users. The reason is that the gate would exploit the CVE-2016-0162 vulnerability that allowed the crooks to determine if the connection came from a real user or a reverse analysis system employed by security researchers. Additionally, this IE exploit also allowed the gate server to detect the presence of antivirus software. In this case, the server would drop the connection just to avoid exposing its infrastructure and trigger a warning that would alert both the user and the security firm. If the gate server deemed the target valuable, then it would redirect the user to the final stage, which was the exploit kit itself, hosted on another URL. The Stegano exploit kit would use three Adobe Flash vulnerabilities (CVE-2015-8651, CVE-2016-1019 or CVE-2016-4117) to attack the user's PC, and forcibly download and launch into execution various strains of malware.
Not no, hell no.
Happiness in intelligent people is the rarest thing I know.
Ernest Hemingway
I assume it's sarcasm... but that line does piss me off. Fucking short sighted ignorant pricks telling me to be subservient and just take this shit.
People with DVRs aren't thiefs some how. Or people who mute their tv while ads are playing?
First of all, Jesus H. Chist, I'm continually amazed at the lengths people will go and the sheer brainpower employed in malware and hacking generally. I've gotten to the point where I go to hang a towel over the mirror in the bathroom because I'm worried someone has hacked the mirror and then figure, fuck it, they probably also hacked the towel.
Secondly, is this level of malware sophistication evidence that there's economic stagnation?
I'm assuming this is software designed to create botnets or measly bank account info or whatnot and the author(s) make some money but not griping about the lack of space for their megayacht next season at Monaco kinds of money.
Is the fact that people do this kind of really clever shit for more or less ordinary income, is it proof that the economy is in some way broken? I would think that people this smart, in a functional economy, would be in real demand to do productive economy kinds of things.
Actually the ad is stealing MY bandwidth.
So kindly fuck off your with your trojan pixels.
Nothing we say is going to change a thing. It's best to just block them and move on. Let it be their problem.
“He’s not deformed, he’s just drunk!”