Be wary of the websites you're visiting, because you could be hit by a nasty update to the Angler exploit kit. According to Heimdal Security, the Angler kit has been updated to run Cryptowall 4.0 and Pony. Not only will your files be encrypted and held at ransom, your credentials to online services could be stolen as well.
The process works as below:
The campaign is carried out by installing a cocktail of malware on the compromised PC. The first payload consists of the notorious data thief Pony, which systematically harvests all usable usernames and passwords from the infected system and sends them to a series of Control & Command servers controlled by the attackers.In the last 24 hours, Heimdal Security has blocked over 200 new domains. Unfortunately, anti-virus software isn't responding well to this new threat, but some tips are provided by Heimdal Security to try to keep you safe.
The purpose of this action is to abuse legitimate access credentials to web servers and CMS systems used by websites and to inject the malicious script in these websites so that the campaign achieves the largest possible distribution.
In the second phase, the drive-by campaigns unfolds via the victim being moved from the legitimate website, which has been compromised, to a heap of dedicated domains which drop the infamous Angler exploit kit.
The Angler exploit kit will then scan for vulnerabilities in popular third party software and in insecure Microsoft Windows processes, if the system hasn’t been updated. Once the security holes are identified, Angler will exploit them and force-feed CryptoWall 4.0 into the victim’s system.
- Keep your system updated and always install the latest updates available for the apps you use
- Back up your data constantly and frequently.
- Don’t keep any important piece of information on your computer.
- Make sure you keep away from strange websites.
- Do not open spam emails or emails you get from unknown senders.
- Don’t download or open attachments in those emails.
- Use products that can detect and block recent ransomware / Cryptoware variants which, as you’ve seen, can end up on your system without you downloading anything on purpose.
I think tips 3 and 4 aren't reasonable for the average person. Many of use keep a lot of important information on our computers and not everyone has external storage devices to store them on. This can be handled with proper backups of your data, either on external drives or with Cloud storage. Tip 4 isn't reasonable because many legit websites have been caught sharing malware.
If you can, consider using ad and flash blockers. Look into click-to-play plugins where you can run Flash or any other web plugins, but they'll only run when you tell them to. Stay safe out there goblins!
OH Wow that's pretty harsh, payloads from email is one thing, now we are getting the cryptowall payload from websites? Truly a not very fun world the digital universe has become.
ReplyDelete