Infected web files
24-03-2012
Traditionally, a malware attack involves a file or files being installed on the target computer, and usually the malicious file(s) are stored on the hard disk drive of the infected machine.
The files can be stored in a variety of places and are usually hidden deep within the existing file structure of the operating system.
Anti-virus/malware programs are configured to scan our hard disk drives to detect and, hopefully, delete any malicious files.
The fact that the malicious file(s) have a physical presence on the infected machine makes it easier for anti-virus/malware programs to detect and sort out the problem - delete the files and the infection is gone.
With the benefit of many years' experience, the anti-virus/malware industry is well-honed in dealing with such threats. Recently, however, a more worrying threat scenario has surfaced.
www.securelist.com is reporting that a number of Russian web sites using www.adfox.ru, a popular ad-serving network supplying third-party advertisements to thousands of web sites, have been used to initiate drive-by attacks on their users.
The attackers compromised the usual www.adfox.ru service by modifying the code that was being delivered to its subscribers' web sites.
When a user visited a web page displaying an infected advertisement, they were redirected to an EU domain that instantly executed an exploit for CVE-2011-3544, a well-known Java vulnerability that cyber criminals have been exploiting for nearly six months.
The way that the users' machines were infected is not new. In the past, other ad-serving networks (including Google's AdSense program) have been used in a similar way. What is quite rare, however, is that the malware attack is 'fileless' - during the attack, no files are installed on the target machine!
The attack takes place in the target machine's random access memory and, as no files are installed during this process, any installed anti-virus/malware program is at present limited in protecting against this type of exploit.
During this particular exploit, the attacker's intention is to find and steal users' log-in and password details and to gain access to their online banking services at several large Russian banks.
As this process takes place in a computer's random access memory, switching the machine off deletes the exploit and, as long as you don't revisit the same or another compromised web site, it is gone for ever. However, with infected advertisements being served to thousands of high-profile web sites getting millions of visitors, it's not as easy as you might think to avoid this particular threat or similar types of threat.
The ad-serving network involved in this particular threat has been informed and has deleted the infected advertisements from its network, but with this type of attack set to become more prevalent, you have to question whether it is advisable to use online banking services.
Copyright © 2007 - 2012 www.ticproblemsolver.com - all rights reserved