CryptoWall 2.0 Ransomware Targeting Popular Websites - How to, Technology and PC Security Forum

It has been recently revealed that the CryptoWall 2.0 ransomware was part of a huge malvertising campaign targeting popular websites like 9Gag, AOL, Yahoo, etc. Around three million users a day were exposed to the latest version of the file-encrypting malware.

Malvertising is not a really complicated practice. It involves a malicious advertisement inserted in an ad network that distributes it to client webpages. Users are usually presented with different ads depending on their interests and location, which makes the attack rather difficult to detect. What is concerning is the fact that the payload is funneled onto the affected machine via drive-by download, without any visible sign of the webpage being compromised.

CryptoWall 2.0 Targeting Popular Websites

The targeted websites have a very high Alexa rank. The list of the compromised webpages contains 22 names so far. It is important to note that it is not the websites themselves but the network pushing the advertisements that is being compromised. According to the researchers’ estimate, the hackers have made about $25,000 in Bitcoins per day. The profit from the entire campaign is supposedly about $750,000.

Three big ad network members have been noted to deliver malvertisements to webpage publishers:

  • Rubicon Project
  • Open X
  • Right Media

In these cases the ad copies and images were stolen from the Web, experts say. There is no sign of any kind that the companies in question were involved in the campaign, or that their websites were compromised.

Researchers have discovered at least 84 variations of the CryptoWall ransomware since the beginning of the month.

A researcher with Palo Alto Networks reported that 85,000 attacks trying to deliver the ransomware have been recorded since CryptoWall 2.0 was released. Most of them are delivered through emails with malicious attachments.

Multiple versions of CryptoWall have been detected recently. Some are delivered through the NuclearPack exploit kit, others via the FlashPack exploit kit. One of the variations is reportedly signed with a digital certificate from Comodo. In one of the most recent attacks, the ransomware was connected to four domains, all with a Russian IP address.


Berta Bilbao

Berta is a dedicated malware researcher, dreaming of a more secure cyberspace. Her fascination with IT security began a few years ago, when malware locked her out of her own computer.
