Malvertising Campaign With Neutrino Exploit Kit Discovered & Shut Down
Cisco’s Talos group detects global online campaign that exploits ads to transfer ransomware to victims’ computers.
Cisco Systems’ threat research group has detected and deactivated a global malvertising campaign that exposed visitors to legitimate sites to the Neutrino Exploit Kit, Threatpost reports. The Talos Security Intelligence and Research Group spent two weeks, beginning in August, working with GoDaddy to shut down the malicious server in Russia that hosted the exploit kit.
According to Talos, criminals used “gates” to display ads stolen from other websites and redirected visitors to the exploit kit. Cisco researcher Nick Biasini said that in those two weeks about 1,000 of one million visitors may have been exposed to Neutrino EK, which then tried to transfer the CrypMIC ransomware to their computers.
Biasini emphasized the seriousness of malvertising campaigns, noting that as more content continues to move online, the primary revenue source for web sites is online ads. “Cybercriminals know this and are increasingly turning away from other more typical ways of pointing traffic to exploit kits and are now looking to malvertising,” he said.
via Dark Reading http://ift.tt/1jnKCEq
September 2, 2016 at 08:00AM