
Tuesday, August 30, 2011

Fake antivirus attack driven by Web ads


An Internet security firm has identified a new variant of a fake anti-virus attack that uses Web advertisements to relay users into the Shnakule network, a large malware delivery network on the Internet.

The Shnakule network has averaged around 2,000 unique host names per day with as many as 4,357 in a single day. It has been very active with fake anti-virus attacks typically conducted via search engine poisoning, according to Blue Coat Systems.

With this latest attack, Shnakule is now using malvertising to conduct its attacks. To date, Blue Coat said it has identified more than 15,000 user requests related to the latest form of the attack.

The latest Shnakule attack is a three-stage attack that uses malicious Web advertisements. In the first stage, malicious ad servers were set up as independent entities, not directly associated with each other or any existing Shnakule sub-networks, to route users to malware.

In the second stage, a new Shnakule subnetwork relays users to the malware. The final stage is the malware payload, which changes frequently in an attempt to avoid detection by anti-virus software.

“Though this attack initially launched in late June, it is still continuing, and in a recent check of the payload by Blue Coat Security Labs against 43 anti-virus engines only two of those engines identified the payload as malicious or suspicious,” said Chris Larsen, senior malware researcher for Blue Coat Systems.

Read more: http://goo.gl/FXpkr
