Unexpected redirects

Maybe you’re one of the increasing number of users on the lookout for new ways to protect your machine against the malware that’s always in the news. Maybe you’re even one of the users running a sandbox on your machine. (If you’re not, and you don’t know what a sandbox is – it’s an isolated area on a computer, often running on a virtual machine, where you can run code without infecting the main or host machine. Sometimes a sandbox is a separate program that functions within the framework of the local OS – this type is easier for a novice to use, as you don’t need to install a virtual machine.)

I was trying to download a sandbox application of the second type when I stumbled on something interesting. I got unexpectedly re-routed to download.com – it’s part of cnet.com and one of the most popular software repositories on the Internet.

The download went smoothly, but then I got re-routed to another page on download.com. This page contained recommendations for other popular software available for download.

The list of recommended software includes AntiVirus Defender, an adware program that we detect as not-a-virus:AdWare.Win32.OneStep.z. We’ve notified cnet so they are aware of the issue.

I think there’s a pretty clear moral here. You’re security conscious and you want to protect your computer. You’re looking for useful utilities. Download.com assures users that all programs available via the website have been analysed, and don’t contain any malicious code. So maybe you relax your vigilance. But with both businesses and bad guys making use of sponsored links on sites like download.com and Google, you’ve got to stay very alert indeed to make sure that you don’t get caught out.
