Slashdot Mirror


New Stegano Exploit Kit Hides Malvertising Code In Banner Pixels (bleepingcomputer.com)

An anonymous reader quotes a report from BleepingComputer: For the past two months, a new exploit kit has been serving malicious code hidden in the pixels of banner ads via a malvertising campaign that has been active on several high profile websites. Discovered by security researchers from ESET, this new exploit kit is named Stegano, from the word steganography, which is a technique of hiding content inside other files. In this particular scenario, malvertising campaign operators hid malicious code inside PNG images used for banner ads. The crooks took a PNG image and altered the transparency value of several pixels. They then packed the modified image as an ad, for which they bought ad displays on several high-profile websites. Since a large number of advertising networks allow advertisers to deliver JavaScript code with their ads, the crooks also included JS code that would parse the image, extract the pixel transparency values, and using a mathematical formula, convert those values into a character. Since images have millions of pixels, crooks had all the space they needed to pack malicious code inside a PNG photo. When extracted, this malicious code would redirect the user to an intermediary URL, called gate, where the host server would filter users. This server would only accept connections from Internet Explorer users. The reason is that the gate would exploit the CVE-2016-0162 vulnerability that allowed the crooks to determine if the connection came from a real user or a reverse analysis system employed by security researchers. Additionally, this IE exploit also allowed the gate server to detect the presence of antivirus software. In this case, the server would drop the connection just to avoid exposing its infrastructure and trigger a warning that would alert both the user and the security firm. If the gate server deemed the target valuable, then it would redirect the user to the final stage, which was the exploit kit itself, hosted on another URL.
The Stegano exploit kit would use three Adobe Flash vulnerabilities (CVE-2015-8651, CVE-2016-1019 or CVE-2016-4117) to attack the user's PC, and forcibly download and launch into execution various strains of malware.
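As an added defender-side example, not code from the BleepingComputer or ESET write-ups: a small scanner an ad network could run over an uploaded RGBA PNG creative before serving it, flagging alpha channels whose values scatter across many nearly opaque levels, the kind of imperceptible transparency change the summary describes. The minimal PNG encoder/decoder, the anomaly heuristic and its thresholds, and the two sample images are my own constructions, not ESET's detection logic or the kit's real encoding.

```python
"""Alpha-channel anomaly scan for RGBA PNG banner creatives."""
import struct
import zlib
from collections import Counter


def _chunk(ctag: bytes, body: bytes) -> bytes:
    """Serialise one PNG chunk: length, type, data, CRC32 over type+data."""
    crc = zlib.crc32(ctag + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctag + body + struct.pack(">I", crc)


def _png_from_raw(width: int, height: int, raw: bytes) -> bytes:
    """Wrap already-filtered scanlines as an 8-bit RGBA non-interlaced PNG."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 6, 0, 0, 0)
    return (b"\x89PNG\r\n\x1a\n" + _chunk(b"IHDR", ihdr)
            + _chunk(b"IDAT", zlib.compress(raw)) + _chunk(b"IEND", b""))


def encode_rgba_png(width: int, height: int, pixels: list) -> bytes:
    """Write flat row-major (r, g, b, a) tuples as a PNG using filter type 0."""
    raw = bytearray()
    for y in range(height):
        raw.append(0)  # filter byte: 0 = None
        for x in range(width):
            raw.extend(pixels[y * width + x])
    return _png_from_raw(width, height, bytes(raw))


def _paeth(a: int, b: int, c: int) -> int:
    """PNG Paeth predictor over left (a), up (b) and upper-left (c) bytes."""
    p = a + b - c
    pa, pb, pc = abs(p - a), abs(p - b), abs(p - c)
    return a if pa <= pb and pa <= pc else (b if pb <= pc else c)


def decode_rgba_png(data: bytes):
    """Parse an 8-bit RGBA non-interlaced PNG into (width, height, pixels); all five row filters are reversed."""
    if data[:8] != b"\x89PNG\r\n\x1a\n":
        raise ValueError("not a PNG")
    pos, idat, width, height = 8, b"", 0, 0
    while pos + 8 <= len(data):
        (length,) = struct.unpack(">I", data[pos:pos + 4])
        ctag, body = data[pos + 4:pos + 8], data[pos + 8:pos + 8 + length]
        if ctag == b"IHDR":
            width, height, depth, ctype, _, _, lace = struct.unpack(">IIBBBBB", body)
            if (depth, ctype, lace) != (8, 6, 0):
                raise ValueError("only 8-bit RGBA, non-interlaced PNGs handled")
        elif ctag == b"IDAT":
            idat += body
        elif ctag == b"IEND":
            break
        pos += 12 + length  # 4 length + 4 type + data + 4 crc
    raw, bpp, stride = zlib.decompress(idat), 4, width * 4
    prev, pixels = bytearray(stride), []
    for y in range(height):
        off = y * (stride + 1)
        ftype, line = raw[off], bytearray(raw[off + 1:off + 1 + stride])
        for i in range(stride):  # undo the row filter byte by byte, left to right
            a = line[i - bpp] if i >= bpp else 0
            b, c = prev[i], (prev[i - bpp] if i >= bpp else 0)
            pred = (0, a, b, (a + b) // 2, _paeth(a, b, c))[ftype]
            line[i] = (line[i] + pred) & 0xFF
        pixels.extend(tuple(line[i:i + 4]) for i in range(0, stride, 4))
        prev = line
    return width, height, pixels


def alpha_anomaly_report(pixels: list, max_drift: int = 8) -> dict:
    """Score an image's alpha channel as a possible data carrier.

    Heuristic of my own, not ESET's detection logic: a banner is normally fully
    opaque or has a few alpha levels at anti-aliased edges; many distinct
    levels just below 255 are invisible yet can carry a value per pixel.
    """
    alphas = Counter(p[3] for p in pixels)
    near = {a: n for a, n in alphas.items() if 255 - max_drift <= a < 255}
    return {
        "distinct_alpha_levels": len(alphas),
        "near_opaque_levels": len(near),
        "near_opaque_pixels": sum(near.values()),
        "suspicious": len(near) >= 4 and sum(near.values()) >= 8,
    }


def build_samples():
    """Constructed fixtures: an opaque banner and a copy with nudged alphas (a toy pattern, not the kit's encoding)."""
    w, h = 32, 8
    clean = [(200, 30, 30, 255)] * (w * h)
    touched = list(clean)
    for i in range(24):
        r, g, b, _ = touched[i]
        touched[i] = (r, g, b, 254 - (i % 8))  # eight levels in 247..254
    return encode_rgba_png(w, h, clean), encode_rgba_png(w, h, touched)


if __name__ == "__main__":
    clean_png, touched_png = build_samples()
    print("clean  :", alpha_anomaly_report(decode_rgba_png(clean_png)[2]))
    print("touched:", alpha_anomaly_report(decode_rgba_png(touched_png)[2]))
```

The thresholds are deliberately conservative; a real deployment would tune `max_drift` and the counts against the network's own creative inventory.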

92 of 207 comments

  1. If if they say "Please!" by rmdingler · · Score: 5, Insightful
    Would you kindly disable Adblocker while visiting our site?

    Not no, hell no.

    --
    Happiness in intelligent people is the rarest thing I know.

    Ernest Hemingway

    1. Re:If if they say "Please!" by wbr1 · · Score: 1

      That is an interesting way to say fuck you. Wish I had good options for ad blockers on Android. (Shut up APK)

      --
      Silence is a state of mime.
    2. Re:If if they say "Please!" by Anonymous Coward · · Score: 2, Insightful

      That is an interesting way to say fuck you. Wish I had good options for ad blockers on Android. (Shut up APK)

      Firefox mobile for Android allows the ublock origin or adblocker plus extensions! It's the only way to surf. (no root needed)

    3. Re:If if they say "Please!" by johanw · · Score: 2

      Yes but there is more than ads in the browser. If you root your android you can install something like disable service and disable the ad and analytic services in Google Play Services, which will also get rid of most ads in apps.

    4. Re:If if they say "Please!" by TheDarkMaster · · Score: 1

      This. When I find a site that asks to unblock advertisement and scripts, I simply go to another site.

      --
      Religion: The greatest weapon of mass destruction of all time
    5. Re:If if they say "Please!" by Maritz · · Score: 1

      Tried it in Firefox with uBlock installed. Complains, says it might not run. Doesn't do anything upon clicking 'start test'.

      Then I try it on a browser with no ad blocker. The one I have handy is Edge (because I never use it). I see ads. The test still doesn't do anything.

      I've seen better speed testers to be honest.

      --
      I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
    6. Re:If if they say "Please!" by thejynxed · · Score: 1

      If your device is rooted, just install AdAway + something like NoRoot Firewall. Block ads, decide which apps can connect to either the data or wifi (with bonus pre and post filtering options you can apply that are based on IP as well).

      --
      @Mindless Drivel: 100% of Twitter posts ever Tweeted.
    7. Re:If if they say "Please!" by Black+LED · · Score: 1

      How is the performance on NoRoot Firewall? I used to use DroidWall, which is a frontend for iptables, but it hasn't been updated in years and I'm not sure it works properly on newer versions of Android.

  2. Yeah but... by fustakrakich · · Score: 5, Funny

    If you block the ad, you're a thief.

    --
    “He’s not deformed, he’s just drunk!”
    1. Re: Yeah but... by Anonymous Coward · · Score: 3, Insightful

      I assume it's sarcasm... but that line does piss me off. Fucking short sighted ignorant pricks telling me to be subservient and just take this shit.

      People with DVRs aren't thieves somehow. Or people who mute their tv while ads are playing?

    2. Re: Yeah but... by CaptainDork · · Score: 1

      If I had mod, I'd +1, Insightful.

      --
      It little behooves the best of us to comment on the rest of us.
    3. Re: Yeah but... by ArchieBunker · · Score: 2, Informative

      How I choose to display the data on my screen is my business.

      --
      Only the State obtains its revenue by coercion. - Murray Rothbard
    4. Re:Yeah but... by UnknownSoldier · · Score: 4, Insightful

      Actually the ad is stealing MY bandwidth.

      So kindly fuck off with your trojan pixels.

    5. Re: Yeah but... by geekmux · · Score: 2, Interesting

      How I choose to display the data on my screen is my business.

      And how they deliver data to your screen for free is their business.

    6. Re:Yeah but... by ChrisMaple · · Score: 1

      Advertisements in magazines and newspapers take up pages, which make them heavier. It takes extra energy to carry the extra weight, and making the extra energy requires extra food. Advertisements steal the food from my mouth!
      Get real.

      --
      Contribute to civilization: ari.aynrand.org/donate
    7. Re: Yeah but... by ArchieBunker · · Score: 1

      Not my fault their business model is not profitable.

      --
      Only the State obtains its revenue by coercion. - Murray Rothbard
    8. Re:Yeah but... by hairyfeet · · Score: 4, Interesting

      I have the perfect comeback to those ignorant fucks..."Are YOU gonna accept responsibility and pay for any and all damages if your site serves malware? No? Then you are knowingly aiding and abetting malware vendors, kindly fuck off".

      If they want to be treated like legitimate businesses? Then they have to accept the responsibility legitimate businesses have. If a business doesn't secure their premises and cause harm to their patrons? They are responsible for the clean up, look at the mounds of money TJ Maxx and Target had to pay for their lack of security, but these websites want us to treat them as legitimate businesses show the same lack of responsibility as some fly by night topsite? Sorry can't have your cake and eat it too, either you have the same responsibilities as a real business or you don't deserve any more consideration than a cracksite or any other dodgy place on the wild web.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    9. Re:Yeah but... by fustakrakich · · Score: 3, Insightful

      Nothing we say is going to change a thing. It's best to just block them and move on. Let it be their problem.

      --
      “He’s not deformed, he’s just drunk!”
    10. Re: Yeah but... by tlhIngan · · Score: 1

      People with DVRs aren't thieves somehow. Or people who mute their tv while ads are playing?

      They aren't. People who skip ads simply are marked as not watching the ad. Not watching the ad reduces a programs "C" rating, which means the program's ad rates go down (less eyeballs == less money). Programming budget is a fraction of the ad money it makes so it has to adapt.

      Ratings you see and hear on the news about a program are one of three - SD (same day), SD+3 (Same Day + 3 days later) or SD+7. These are basically the program and ad ratings averaged through the entire program. But TV networks don't care for these numbers - eyeballs watching programming is not considered important. So instead, they pay for the C numbers, also available in same day, +3 and +7 days. This is the ratings minus program ratings - so they simply take the ratings during the commercial breaks.

      So if you don't watch the commercials, you don't contribute to the C numbers. Studios, TV networks and everyone else airing ad-paid programming use the C numbers to determine the show's budget, and whether it will see any more showings, whether it gets another season, and what timeslot it will get. So DVR users, downloaders, etc, they simply aren't counted in the end.

      It's something to remember when your favorite show gets cancelled. Just because millions watch it, if most of them are downloads and very few are ad driven, the practical audience may be in the hundreds of thousands.

      That's why DVR users aren't thieves - in the end, the programming they like gets cancelled, so in the end they just hurt themselves in the long run.

    11. Re:Yeah but... by drinkypoo · · Score: 1

      Nothing we say is going to change a thing. It's best to just block them and move on. Let it be their problem.

      Actually, what would be best would be to make websites criminally liable if they deliver a malicious ad to your PC. That'll get people working on securing their networks, and make most ad networks dry up in a hurry after serving as a source of revenue.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    12. Re: Yeah but... by TheDarkMaster · · Score: 1

      At least normal TV advertising has no way to run suspicious codes and install malware on your TV setup. The problem is not exactly the advertising itself, the problem is the shit they insert into the advertisement and that makes mandatory for you to block it.

      --
      Religion: The greatest weapon of mass destruction of all time
    13. Re: Yeah but... by squiggleslash · · Score: 1

      That's why DVR users aren't thieves - in the end, the programming they like gets cancelled, so in the end they just hurt themselves in the long run.

      That assumes they would have watched the same shows with ads. I can honestly say that I wouldn't, because in 2001 I canceled my cable completely because I found US TV unwatchable because of the ads. It wasn't until four or five years later that I "came back", and that was a combination of my soon-to-be wife wanting TV, and me requiring we have a DVR as part of the package.

      What we're actually seeing now, as a result of the effect the DVR has had on the industry and the opportunities the Internet provides, is a massive, unprecedented, move to subscription TV. Netflix, Amazon Prime, Hulu, are all producing their own TV programming, with quality as good as the broadcast networks, and networks like HBO are broadening the ways in which their content can be obtained. Meanwhile even the broadcast networks are finding people buy their shows if they put each episode up on Amazon, Vudu, iTunes, etc, immediately after broadcasting them.

      Did we screw ourselves? Nah. I think we're getting what we asked for. And for the most part, we're getting what we wanted as a result.

      --
      You are not alone. This is not normal. None of this is normal.
    14. Re: Yeah but... by mSparks43 · · Score: 1

      they tested making that compulsory. but the buggers just stopped turning the tv on in the first place. which would cause problems for government sponsored brainwashing programs.

    15. Re: Yeah but... by Jeremi · · Score: 1

      Not my fault their business model is not profitable.

      Not their fault your web browser is insecure?

      --
      I don't care if it's 90,000 hectares. That lake was not my doing.
    16. Re: Yeah but... by Win0ver · · Score: 1

      And how they deliver data to your screen for free is their business.

      Should they then be liable when their ads serve malware/viruses?

    17. Re: Yeah but... by geekmux · · Score: 1

      It's not for free. I pay for my ISP and so do they. Websites are supposed to cost money. If they want to require a paid account then that is up to them and very doable. But if they want to attract people then they can pay for their site. There is no reason other than a money grab to see any ad on any website.

      You do realize all those kids who grew up paying nothing for YouTube/Facebook/Webmail/Social Media Entertainment are starting to run small companies, right?

      In other words, that whole theory of yours that all this shit is supposed to cost money is falling on deaf ears. To them, even an ISP charging for internet access is a crime against humanity.

    18. Re:Yeah but... by fustakrakich · · Score: 1

      Actually, what would be best would be to make websites criminally liable if they deliver a malicious ad to your PC.

      Yeah, we could do that, but personally, I hold the operating system responsible. I don't care how malicious the code is, the OS should run in protected ROM. So if we're going to start suing people, let's start with Microsoft and Apple, unless of course they decide to open up the source code... Going after the websites is a slippery slope, subject to political opinions as to what is "malicious".

      --
      “He’s not deformed, he’s just drunk!”
    19. Re:Yeah but... by fustakrakich · · Score: 1

      Let me expand on that a bit. If there were to be a law that makes blocking illegal, then yes we should be able to sue those who host malware. But since we can easily block it, then I don't see the need for that. The weak point is in the OS. That's their attack vector, it should be ours too.

      --
      “He’s not deformed, he’s just drunk!”
    20. Re: Yeah but... by pnutjam · · Score: 1

      Hey, the net neutrality one is a couple threads over, take your bullshit over there and maybe you can trick some people into believing you know what you're talking about and aren't an industry shill.

    21. Re: Yeah but... by networkBoy · · Score: 1

      In theory you could send a malformed signal to the TV. A while back there was a PNG exploit that caused an overflow of the displaying program to run code.

      Since most TV streams are compressed though I'm not sure if this would be viable in the real world.

      --
      whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
    22. Re:Yeah but... by SoftwareArtist · · Score: 1

      Darn, you made me feel so guilty! ;)

      But I don't block ads, I just run NoScript. If they can't make ads that work without javascript, that's their problem. And any ad network that lets advertisers bundle javascript is incompetent or evil or both. It's called a "malware distribution network", not an ad network.

      --
      "I'm too busy to research this and form an educated opinion, but I do have time to tell everyone my uninformed opinion."
    23. Re:Yeah but... by thomn8r · · Score: 1

      I bet that there are some illiterate nutjobs who actually think that too.

      I bet there are some well-educated nutjobs with MBAs and JDs who actually think that as well.

    24. Re:Yeah but... by hairyfeet · · Score: 1

      Sigh....how to write a Linux virus in 5 easy steps using the same tricks malware uses, BTW wanna guess what kernel hosts the OS that has surpassed Windows in infections and has for over 5 years? That's right sparky LINUX.

      So your vaunted "source" means absolutely nothing, it's classic security by obscurity. Wanna guess how much of your average Linux distro is actually vetted, as reported a couple years back by a scan of github access by a security firm? Less than 2%, that is all, the other 98% hadn't been touched by anybody but the authors who could have put any malware they wanted into it and you wouldn't know any more than if you were on windows or OSX.

      BTW I'll be happy to smack you with some citations if you'd like, from the KDELook bug that was hosted on all the major KDE repos for over a year to the Quake 3 malware that was hosted on all of the major repos for a year and a half, just ask. Thanks to Android we now have undeniable proof that Linux security is nothing but security by obscurity, and that if a malware vendor wants to own Linux? It gets pwned just as hard.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    25. Re:Yeah but... by fustakrakich · · Score: 1

      Yeah but... That's not really what I'm talking about. It's that nobody will sue you if you distribute a fix for a Linux flaw, not even Linus, as far as I can tell. Since we don't have that luxury with MS or Apple, we should be able to hold them responsible for their screw ups. The point is that they should either fix it, or let somebody else do it. There should be consequences for locking us out.

      Regardless, the OS, no matter whose, should be protected inside of ROM.

      --
      “He’s not deformed, he’s just drunk!”
  3. When I build my next site by Sartr · · Score: 1

    I'm going to be much more efficient. "Avoid the middleman! Download this malware, straight from me to you!"

  4. Re:technologically speaking by Anonymous Coward · · Score: 1

    All the more reason to use an ad blocker extension. Let the e-beggar sites that pester you about having an ad blocker know why you do. Maybe they'll finally get a clue and shut down or find a legitimate way to make money.

  5. Is malware like this proof of economic stagnation? by swb · · Score: 5, Insightful

    First of all, Jesus H. Christ, I'm continually amazed at the lengths people will go and the sheer brainpower employed in malware and hacking generally. I've gotten to the point where I go to hang a towel over the mirror in the bathroom because I'm worried someone has hacked the mirror and then figure, fuck it, they probably also hacked the towel.

    Secondly, is this level of malware sophistication evidence that there's economic stagnation?

    I'm assuming this is software designed to create botnets or measly bank account info or whatnot and the author(s) make some money but not griping about the lack of space for their megayacht next season at Monaco kinds of money.

    Is the fact that people do this kind of really clever shit for more or less ordinary income, is it proof that the economy is in some way broken? I would think that people this smart, in a functional economy, would be in real demand to do productive economy kinds of things.

  6. Banner Ads? by Ralgha · · Score: 1

    Banner ads are still a thing? I haven't seen one in years. Guess those ad blockers are paying off.

  7. Is this art now gone? by Okian+Warrior · · Score: 1

    A question to the readers: I've been trying to view this online comic for awhile now.

    The problem is, the comic itself is written in Flash, and I can't think of any way to enable flash without downloading all the Adobe crap, or installing a browser extension that's horribly unsafe to use. My best guess is to do all this in a separate VM specifically tuned to do this one task, and then delete it when done.

    Make an entire system specific to reading one website? That seems like a lot of work.

    Is there some sort of offline viewer I can use, or convert the files to PDF or something?

    Is this work of art now forever lost because the means to display it is gone?

    1. Re:Is this art now gone? by Khyber · · Score: 2

      Just use Chrome, which has its own Flash baked-in.

      --
      Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
    2. Re: Is this art now gone? by infolation · · Score: 1

      I wanna hire these guys. They sound really smart.

  8. Am I the only one that sees the root cause? by ukoda · · Score: 1

    Not really an issue for me as this is one of the reasons I use an ad blocker. The part I found mind boggling is "a large number of advertising networks allow advertisers to deliver JavaScript code with their ads". That is just plain wrong. How can any website sell advertising with a clear conscience if they are going to allow effectively unknown people to run code on their visitor's PCs?

    1. Re:Am I the only one that sees the root cause? by thesjaakspoiler · · Score: 1

      The major issue is that HTML5 could have replaced FLASH if they would have come up with some decent features. But that committee decided to focus on all kinds of side-issues that no one was interested in. So in order to do something FLASH like, Javascript is needed.

    2. Re:Am I the only one that sees the root cause? by Aristos+Mazer · · Score: 1

      Yeah, but the whole point is to PREVENT anyone from doing something "Flash like". We don't want programmable ads -- that's untrusted code. If you can't communicate your ad with a static image, a video, and a "click for more info" link, you need a better ad dept... if your product is so bad that the only way you can get people to buy it is with invasive advertising, maybe the world is better off without your doohickey.

    3. Re:Am I the only one that sees the root cause? by Altrag · · Score: 1

      maybe the world is better off without your doohickey

      That's kind of the point. If the world actually needed a zebra scented butt razor, they wouldn't have to resort to shitty ads in the first place, and when you've got no real selling features your best option is to just shove your shit in everyone's face. They all want to make a buck, whether they deserve to or not.

      And they should be free to try to make a buck. But we should also be free to tell them to piss off. Unfortunately the world these days seems to value corporate freedom far more than individual freedom, so we're always in an uphill battle with the butt razor peddlers.

  9. Cruising the information superhighway through a VM by Ostracus · · Score: 1

    For all reasons mentioned and past exploits I can see cruising the internet through a VM becoming very popular. Especially since some new NAS are coming with the ability to run a VM.

    --
    Shai Schticks:"You don't make peace with friends, you make peace with enemies"
  10. Re:Is malware like this proof of economic stagnati by geekmux · · Score: 1

    First of all, Jesus H. Christ, I'm continually amazed at the lengths people will go and the sheer brainpower employed in malware and hacking generally. I've gotten to the point where I go to hang a towel over the mirror in the bathroom because I'm worried someone has hacked the mirror and then figure, fuck it, they probably also hacked the towel.

    Thanks for that laugh. The analogy was rather hilarious. Now I think I'll have a good cry over the reality of it.

    Secondly, is this level of malware sophistication evidence that there's economic stagnation?...Is the fact that people do this kind of really clever shit for more or less ordinary income, is it proof that the economy is in some way broken?

    Yes, perhaps it is. Another example would be the evolution of ransomware. Started out as a rather brilliant idea from a hacking standpoint to extort humans for more or less ordinary income.

    I would think that people this smart, in a functional economy, would be in real demand to do productive economy kinds of things.

    Across history, countless times we've caught ourselves laughing at how much more con artists could earn by walking the legal line instead of the life of crime. That said, this economy rewards the world's greatest narcissists who do little more than generate clicks. Is this economy broken? Fuck yes it is. In more ways than one.

  11. Legal? by AndyKron · · Score: 1

    And this isn't illegal?

  12. Question by 93+Escort+Wagon · · Score: 1

    Is BleepingComputer the latest Medium.com? Because it seems like every time I come to Slashdot there's yet another story from that site...

    --
    #DeleteChrome
  13. Stegano Exploit Kit on Ads by b783719 · · Score: 2

    The summary was missing details, but this link explains a bit more.

    http://www.welivesecurity.com/...

    At least you'll know how it works. Also, go down to the list and see if you have at least one of those security products and it'll skip the payload. :)

  14. Stopped... by Anonymous Coward · · Score: 1

    ...reading at, "This server would only accept connections from Internet Explorer users." Now feeling smug.

    1. Re:Stopped... by Anonymous Coward · · Score: 1

      Don't be. The reason the "Nigerian princes" all speak in terrible English isn't because they can't type, or can't hire someone who can. Getting their advert in front of your eyes is the easy part. They want to ring all the alarms that smart people have, so that they don't waste their time trying to scam smart people. This is much the same. Focus on the small part of the internet that makes for good food, and filter out the rest.

  15. Vector animation is smaller than video by tepples · · Score: 1

    If you can't communicate your ad with a static image, a video

    A scripted vector animation has a smaller file size (and thus costs you less to view in overage fees payable to your ISP) than the equivalent H.264 or VP8 video. But I don't see how a scripted vector animation of considerable complexity can be done with CSS transitions alone. It's usually script writing to a canvas or script manipulating CSS element styles or SVG paths.

    1. Re:Vector animation is smaller than video by Aristos+Mazer · · Score: 1

      That's a reasonable point. But Flash goes far beyond that.

    2. Re:Vector animation is smaller than video by Motherfucking+Shit · · Score: 1

      Scripted vector animations can fuck right off, too.

      --
      "BSD: Free as in speech. Linux: Free as in beer. Windows 10: Free as in herpes." --Man On Pink Corner in #52607549.
    3. Re:Vector animation is smaller than video by drinkypoo · · Score: 1

      I don't want to see animated ads. When I do, I tend to go post something nasty about the company using it on G+. But thanks to AdBlock and NoScript, I usually don't actually see such travesties.

      People who make singing, dancing ads should be slapped across the face with my cock.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    4. Re:Vector animation is smaller than video by Bob+the+Super+Hamste · · Score: 1

      People who make singing, dancing ads should be slapped across the face with my cock.

      I'm thinking my 8lb splitting maul would be better.

      --
      Time to offend someone
    5. Re:Vector animation is smaller than video by drinkypoo · · Score: 1

      Time to break out the tweezers and magnifying glass.

      So you can find all the pieces of your face?

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  16. The real problem by jargonburn · · Score: 1

    a large number of advertising networks allow advertisers to deliver JavaScript code with their ads

    Third-party code. 'Nuff said.

    1. Re:The real problem by Black+Parrot · · Score: 1

      Don't forget -

      b) Internet Explorer

      c) Flash

      --
      Sheesh, evil *and* a jerk. -- Jade
    2. Re:The real problem by Dutch+Gun · · Score: 1

      Not just IE and Flash. Unpatched IE and Flash, running no ad blockers. That's pretty much asking to be electronically mugged these days.

      --
      Irony: Agile development has too much inertia to be abandoned now.
  17. Re:Is malware like this proof of economic stagnati by Anonymous Coward · · Score: 1

    Secondly, is this level of malware sophistication evidence that there's economic stagnation?

    I'm assuming this is software designed to create botnets or measly bank account info or whatnot and the author(s) make some money but not griping about the lack of space for their megayacht next season at Monaco kinds of money.

    Is the fact that people do this kind of really clever shit for more or less ordinary income, is it proof that the economy is in some way broken? I would think that people this smart, in a functional economy, would be in real demand to do productive economy kinds of things.

    A problem solved by software can often be copied for essentially zero. The initial cost may be relatively high, but let's say ordinary salary numbers, particularly in foreign countries, so what in the $30k range... If they can infect say 30k computers say 4 times a year. The computers could easily be different... That yields needing to make roughly, on average, $0.25 a computer. There is a lot of hand waving there, but I assume most of it is purely the economies of scale. Also, once a vulnerability is in the wild, it is no doubt easier to copy it than try to find your own.

    Now once you compromise a PC, getting it to effectively just view and click on links for money is likely achievable. Remember you need to make like 25 cents per computer per year... There is also more direct options like scamming bank account info, holding data hostage, etc..

  18. Specific malicious domains from ESET by Anonymous Coward · · Score: 2, Informative

    See subject: A list of specific hosts from ESET's research to enter into your custom hosts file to protect vs. Stegano:


    FROM http://www.welivesecurity.com/...

    APK

    P.S.=> All I can say to ESET is "Good job guys, & Thank you - keep up the good work!"... apk

  19. Re:Is malware like this proof of economic stagnati by johannesg · · Score: 1

    Interesting point of view. It might also be proof that software quality has improved a lot, and there aren't so many 'normal' holes to drive through anymore...

  20. Re:Cruising the information superhighway through a by Altrag · · Score: 1

    Not likely:
    a) At best, you've just moved the problem to securing the host system. Which if you're running a bare metal VM like ESXi or Hyper-V is certainly easier than securing an entire OS that needs to explicitly allow userland programs to do arbitrary things. But it's not a null issue.

    b) VMs would need to become far, far less annoying to use. Basically until such time that OS's do something like load every single app into its own sandbox, invisible to the user, this won't happen on any sort of large scale. Including somehow securely sharing data between sandboxes (so for example your video player could play the movie you downloaded from your browser) and again with little to no user hassle.

    c) Even given all of that, it still has the issue of persistent data. If the VM's data persists inside the VM, then it's got the potential to be compromised at least within the sandbox and since most people only use a small number of apps, having one of them lose all data is still a serious issue. And if it's persisted outside the sandbox (as in the shared data issue above) then it's potentially compromising the entire system and we're back to square one.

    Modern browsers and Flash Player and Java and whatnot all do their best to sandbox anything coming from the web already. I don't really see how moving up one step to a virtual machine will really do a whole lot better -- at least not without simultaneously introducing user experience issues that would make the setup untenable for average non-techie users.

  21. Fines. I demand them. by Anonymous Coward · · Score: 1

    Fine the ad creator. Can't find him? Fine the ad provider. Can't find him? Fine the owner of the site itself.

    I want fines and I want jail time for malvertising. Heads must roll. This has gone on long enough.

  22. Re:Is malware like this proof of economic stagnati by kurkosdr · · Score: 1

    Malware nowadays is not written by some script kiddie in his parents' basement. Malware creation is funded by crime rings in third-world countries who employ developers to analyze known exploits and code-hiding techniques, and hence the malware attacks are very sophisticated. This is what I say to various relatives who come and say their computer "is so slow it must have a virus". Modern malware tries to be as stealthy as possible, so slowing down your PC is the last thing they want to do. But that Avast hog you have (instead of a much lighter antivirus) and your never-defragged hard disk does make your computer slower. PS: Does Google Ads filter the malicious JS code?

  23. Re:Is malware like this proof of economic stagnati by gtall · · Score: 1

    I don't think the economy is broken, well, it might be but even if it were 100% healthy, we'd still have these people. Mostly, they are people who do not fit into companies working for someone else. They are freelancers. They do not have what it takes to start their own legitimate company. In the past, we'd call them pickpockets or snake oil salesmen or in some cases, politicians. The intertubes are just vehicles for them. If they weren't doing it there, they'd find some other form of criminal vice. Their lives are built around leeching. The medium is secondary.

  24. The reason the gate targets Internet Explorer? by khz6955 · · Score: 1

    "This server would only accept connections from Internet Explorer users. The reason is that the gate would exploit the CVE-2016-0162 vulnerability that allowed the crooks to determine if the connection came from a real user or a reverse analysis system employed by security researchers."

    The reason it only targets Internet Explorer is that the exploit only works on Microsoft Windows.

  25. technique presented some time ago as stegosploit by Gunstick · · Score: 2

    And that technique can go way further.
    https://www.youtube.com/watch?...

    --
    Atari rules... ermm... ruled.

  26. Miranda by MrMonty · · Score: 2

    Miranda

  27. Re: For the best custom hostsfile creator by mSparks43 · · Score: 1

    Does it work on Linux or Android?

    Does it protect Lynx?

    If not, then not interested.

  28. Re: Hosts work on Linux & Android by mSparks43 · · Score: 1

    So that's a no then....

    OK, I'll stick with mvps.org then.

  29. Re:Is malware like this proof of economic stagnati by swb · · Score: 2

    I get that we'd always have people at the margin who have above-average intelligence but otherwise fail to fit into a worker mold and wind up as criminals of varying levels of success. Usually, though, they seem to suffer from various other pathologies -- substance abuse, psychological defects, the kind of panoply of sociological misintegration that limits not only their legitimate success but their ability to make even life below the line very successful.

    Maybe there's just a correlation between high levels of computer skills and these same sociological maladjustments, and the medium provides an outlet previously unavailable which offers reduced risk and greater rates of success.

  30. Re: My program imports MVPS data (& more) by mSparks43 · · Score: 1

    You obviously know nothing about Android. You can only change the hosts file on a rooted Android phone, which is basically a compromised phone before you even start.

  31. Re: You're obviously illiterate (I said that) by mSparks43 · · Score: 1

    A rooted phone is guaranteed to send all your private data to a malicious IP address; it won't even use a DNS lookup. What's the point in changing the hosts file on a device already hard-coded to send everything on the device to the bad guys? Why are you recommending Android users compromise their device?

  32. Re: Hosts work on Linux & Android by mSparks43 · · Score: 1

    This isn't true any more. I had several malvertisers try and push an install of an unknown RPM through Chrome before I added the winhelp MVPS hosts file to the system. If I'd been using something like Ubuntu instead of an otherwise hardened system they would quite possibly have been successful.

  33. Re:Is malware like this proof of economic stagnati by Jeremi · · Score: 1

    Is the fact that people do this kind of really clever shit for more or less ordinary income proof that the economy is in some way broken?

    The economy undoubtedly is broken in many ways, but I think exploits like this are less about the economy and more about programmers getting bored and wanting to show off how clever they are; and if they can also make some money doing it, so much the better.

    --


    I don't care if it's 90,000 hectares. That lake was not my doing.

  34. Re:I gotta be missing something here... by Gornkleschnitzer · · Score: 1

    Hiding the data in a seemingly innocent photo and unpacking it with a seemingly innocent parser makes it a lot harder to statically detect and filter on the way in.

  35. Re:Cruising the information superhighway through a by Ostracus · · Score: 1

    Microsoft's Virtual PC gave us "B" before they abandoned the whole idea in favor of Hyper-V. As for "C", people already intentionally lose data through things like FF's "incognito" mode. The stuff they want to keep usually ends up in the cloud anyway, where stronger security measures can be applied.

    --
    Shai Schticks:"You don't make peace with friends, you make peace with enemies"

  36. Re:Is malware like this proof of economic stagnati by networkBoy · · Score: 1

    PS: Does Google ads filter the malicious JS code?

    Doubtful. The code was only the key and transform function; the payload was the transparency data of the image itself.
    I'm sure they're going to start blocking it now, but there is no way they would have caught this in a normal screening.

    --
    whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
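The two posts above (34 and 36) describe the mechanism without showing it: the JavaScript shipped with the ad is an innocent-looking pixel reader, and the payload lives only in the alpha channel of the banner. The block below is an added illustration, not ESET's analysis code and not the attackers' script. It models the pixel buffer the way `CanvasRenderingContext2D.getImageData().data` returns it (an RGBA `Uint8ClampedArray`), embeds bytes into alpha values that stay within 240..255 so the banner still looks opaque, rebuilds them with a small transform function, and then runs the kind of alpha-channel profile an ad network could compute on the same pixel data before the creative is approved. The nibble-per-pixel encoding, the 16-bit length header and the thresholds in `isSuspicious` are assumptions made for this example; the page does not give the real kit's formula. The banner and the payload string are constructed sample data.

```javascript
// Added example: alpha-channel payload embedding, extraction and screening.
// Not code from ESET or from the Stegano kit. Encoding scheme and
// thresholds are assumptions for illustration only.

function opaqueBanner(width, height) {
  // Constructed sample: a solid, fully opaque RGBA banner in the same
  // row-major layout that getImageData().data uses in a browser.
  const data = new Uint8ClampedArray(width * height * 4);
  for (let i = 0; i < width * height; i++) {
    data[i * 4] = 30;        // R
    data[i * 4 + 1] = 90;    // G
    data[i * 4 + 2] = 200;   // B
    data[i * 4 + 3] = 255;   // A: fully opaque
  }
  return data;
}

function embedInAlpha(data, payload) {
  // Assumed scheme: a 16-bit length, then one nibble per pixel, each
  // stored as alpha = 255 - nibble. Alpha therefore stays in 240..255,
  // which is visually indistinguishable from fully opaque.
  const len = payload.length;
  const nibbles = [(len >> 12) & 15, (len >> 8) & 15, (len >> 4) & 15, len & 15];
  for (const b of payload) nibbles.push(b >> 4, b & 15);
  if (nibbles.length > data.length / 4) throw new Error("image too small for payload");
  const out = Uint8ClampedArray.from(data);
  nibbles.forEach((n, i) => { out[i * 4 + 3] = 255 - n; });
  return out;
}

function extractFromAlpha(data) {
  // The "transform function" an ad script would run over canvas pixels:
  // invert the alpha offset and reassemble nibbles into bytes.
  const nib = (i) => 255 - data[i * 4 + 3];
  const len = (nib(0) << 12) | (nib(1) << 8) | (nib(2) << 4) | nib(3);
  const bytes = new Uint8Array(len);
  for (let i = 0; i < len; i++) {
    bytes[i] = (nib(4 + 2 * i) << 4) | nib(5 + 2 * i);
  }
  return bytes;
}

function alphaProfile(data) {
  // Screening heuristic over the alpha plane: how many distinct alpha
  // values appear, and what fraction of pixels are partially transparent.
  const hist = new Map();
  let partial = 0;
  const pixels = data.length / 4;
  for (let i = 3; i < data.length; i += 4) {
    const a = data[i];
    hist.set(a, (hist.get(a) || 0) + 1);
    if (a !== 0 && a !== 255) partial++;
  }
  return { distinctAlpha: hist.size, partialFraction: partial / pixels };
}

function isSuspicious(data, maxDistinct = 2, maxPartial = 0.0005) {
  // A creative declared as opaque should have one or two alpha values.
  // A spread of near-opaque alphas, or any measurable partial
  // transparency, is a triage signal, not a verdict (assumed thresholds).
  const p = alphaProfile(data);
  return p.distinctAlpha > maxDistinct || p.partialFraction > maxPartial;
}

// Stand-alone demo with constructed input.
const clean = opaqueBanner(300, 250);
const payload = new TextEncoder().encode("payload bytes stand in for the redirect script");
const stego = embedInAlpha(clean, payload);
const recovered = new TextDecoder().decode(extractFromAlpha(stego));
console.log("recovered:", recovered);
console.log("clean profile:", alphaProfile(clean), "suspicious:", isSuspicious(clean));
console.log("stego profile:", alphaProfile(stego), "suspicious:", isSuspicious(stego));
```

The screening half is what matters for the thread: the JavaScript part of the ad contains nothing that a signature scanner would flag, so the check has to be applied to the image, and it has to be cheap enough to run on every creative. A legitimate ad that genuinely uses translucency will also show many alpha values, so the profile only narrows the set of creatives that get a closer look; it does not replace sandboxed rendering of the ad's script.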

  37. Re:VirusTotal & /. reg'd users disagree by Guybrush_T · · Score: 1

    What a terrible argument. If your code is so good, just open-source it and stop using the "everybody uses it so it's good" fallacy. Everybody uses windows.

    Well, I guess you only need to fool the dumbest people ...

  38. Re:VirusTotal & /. reg'd users disagree by I've+Got+Three+Cats · · Score: 1

    You could try to be more transparent and stand by the software you're peddling by being open, upfront, and honest instead of posting as AC to shill your software. I wouldn't trust you. I would trust something like Pi-hole though precisely because it is open and transparent; and, presumably does the same thing.

  39. Re:Is malware like this proof of economic stagnati by I've+Got+Three+Cats · · Score: 1

    My guess is that most of these scams bring in revenue in the 1000's or tens of 1000's so certainly well below the "griping about the lack of space for their megayacht next season at Monaco". But remember that in some parts of the world, coding is cheap and what we might think of as a low income wage goes a long way.

  40. Re:Cruising the information superhighway through a by Altrag · · Score: 1

    Virtual PC gave us "B"

    I don't recall that being significantly easier to set up than, say, VMware Player. Perhaps a bit better, but you still had to do things like install your guest OS, configure hardware devices and so on. Definitely not simple enough to be considered invisible to the user.

    XP Mode was getting closer from that aspect.. if running Word or IE just magically loaded into a sandbox then we'd be getting closer to what I'm referring to, though that's got all of its own challenges as noted.

    people already intentionally lose data through things like FF's "incognito" mode

    Some people do. For some specific tasks that they want to hide from their families/coworkers/etc. A quick search suggests that it's perhaps more people than I would have thought, though the stats I found didn't break down how much normal browsing the incognito users also did.

    That said, browsing cookies and cache and history is a far cry different from say, Word documents. Sure cloud storage is a thing now and that's great (well.. as long as you don't care about MS or Google or whoever having access to your documents.) But it doesn't cover everything, introduces a bandwidth cost and generally tends to be less convenient in its own right with the exception of a few specifically designed cloud-based apps like Google Docs.

    I'm not saying it can't be done or shouldn't be attempted.. just that it's not really anywhere close at the moment. People value convenience over the chance of getting hacked (which is still relatively low for any specific individual -- a huge botnet with 10 million nodes is still a fraction of all the billions of computers on the planet.) It's high enough that we'll probably all know someone who loses a bunch of shit to a virus or whatever at some point, but not really so high that it's worth spending huge amounts of additional time and energy doing computer gymnastics -- especially for those who aren't so good with computers and technology at the best of times.

  41. Re: Hosts work on Linux & Android by bjwest · · Score: 1

    Ubuntu asks for your password before installing a .deb from a link. If you're browsing as root or willy nilly type your password in whenever a box pops up asking you for it, then you deserved any and all malware you get.

    --

    --- Keep the choice with the user..

  42. Re: Hosts work on Linux & Android by mSparks43 · · Score: 1

    Not AFAIK.

    sudo still installs stuff as root; installing a malicious RPM will give that RPM, even via sudo, access to the entire system.

  43. Re:How so? apk by mSparks43 · · Score: 1

    You really can't "harden" any of the old versions of Windows though (thousands of zero-days knocking around for what are now unsupported systems), and stuff written earlier than 2007 doesn't really apply to any of the new versions of Windows.

    While a solid hosts file is essential (and as you say, there are lots of free ones around now), it won't protect you from material served from hijacked DNS, which is fairly common practice now.

  44. Re:Hardcoded favorite sites do... apk by mSparks43 · · Score: 1

    So when your DNS gets hijacked, every single person using your program gets hijacked too?

    Wow. That's inviting a very big lawsuit.

    Or do you just cache the users' responses? In which case, hijacked once, hijacked forever?

  45. Re:Lastly as a test? by mSparks43 · · Score: 1

    You think I'd be willing to share my zero days?

    heh, interesting.....

  46. Re:Running from a FAIR challenge? by mSparks43 · · Score: 1

    How much are you paying?

    Zero-days are valuable, you know...

    Or is your "fair challenge" not really that fair?

    'Cos I'll take cash over ego or your appreciation any day of the week.

  47. Re: Thanks for proving my point by mSparks43 · · Score: 1

    I'll put up if you put up.

    Zero-days typically fetch at least $10,000.

    Why should I waste that on you?

    I'd never get my ppl that way, it seems.