Incidents

Adserver compromised – legitimate sites serving malware

Saturday seemed like a quiet day, apart from the new Sober, however it was far from that. In the morning I received some local reports claiming that some respectable sites were distributing malware.

As it turns out, a popular Adserver had been compromised and scripts were modified in such a way that instead of just ads, malware was also delivered to the visitor. At least dozens of sites have unintentionally ‘distributed’ malware, many of them sites with greatly respected names.

This news comes after reports of other (ad)servers being compromised, all using Exploit.HTML.Iframebof to infect the system with malware.

Seeing that there currently is no patch for Exploit.HTML.Iframebof available, Kaspersky Lab strongly recommends anyone using MS Windows, but not running XP/SP2, to use an alternative browser.

A more detailed article on this subject will be posted soon on viruslist.com.

Adserver compromised – legitimate sites serving malware

Your email address will not be published.

 

Reports

Andariel deploys DTrack and Maui ransomware

Earlier, the CISA published an alert related to a Stairwell report, “Maui Ransomware.” Our data should openly help solidify the attribution of the Maui ransomware incident to the Korean-speaking APT Andariel, also known as Silent Chollima and Stonefly.

APT trends report Q2 2022

This is our latest summary of advanced persistent threat (APT) activity, focusing on events that we observed during Q2 2022.

Subscribe to our weekly e-mails

The hottest research right in your inbox