Tech Support Scams Going Nuclear
Posted by: Timothy Weaver on 12/03/2015 10:11 AM
New research indicates that tech support scams are getting more aggressive.
“We've recently seen many instances where attackers serve tech support scams and the Nuclear exploit kit almost simultaneously,” researcher Deepak Singh wrote. “We found that the scam's web pages include an iframe redirecting users to a server hosting the Nuclear exploit kit” that takes “advantage of the Adobe Flash Player Unspecified Remote Code Execution Vulnerability (CVE-2015-7645), among other security flaws.”
Once a victim lands on the scam web page, the Nuclear EK tries to exploit the vulnerabilities on the potential victim's computer. According to Singh, if the exploit is successful, it drops either the Trojan Cryptowall ransomware or Trojan.Miuref.B, which steals information.
The attack is “a serious problem for users” primarily because they're distracted by the fake warnings while the ransomware is busy at work trying to find and encrypt files. Victims could be forced to pay not only for the "tech" support but also the ransom to get their files decrypted.
Researchers are unsure whether tech support scammers have “upped their game” or if “there could be a more banal explanation,” Singh noted. “Given the way that exploit kit attackers operate, it is quite possible that the tech support scammers' own web servers got compromised by a separate group who are using the Nuclear exploit kit.”
Singh explained: “Regardless, this is the first time we've seen tech support scams running in tandem with the Nuclear exploit kit to deliver ransomware and if this proves to be an effective combination, we are likely to see more of this in the future.”
Source: SCMagazine
