The Stegano exploit kit, previously known as Astrum, is being spread through a malvertising campaign. ESET researchers say that they have seen many major domains, including news websites that see daily traffic in the millions, hosting these malicious graphics. How does Stegano use web advertisements to its advantage? How can users spot malvertising on the websites they visit?
This should go without saying, but using a web browser on the internet continues to be a leading cause of malware infections. When someone installs Flash on their computer, things often only get worse.
Attackers continue to exploit pervasive vulnerabilities to achieve their goals. It's unrealistic to tell everyone to give up and live in the woods, so people and enterprises will continue to be victimized by malware.
ESET researchers have observed a new attack where third-party ads are used to distribute the Stegano exploit kit. This malvertising campaign has been attributed to the AdGholas group.
The malware continuously checks if debuggers, network sniffers or other security tools are running and, if so, the malware terminates to prevent further analysis. Once the exploits run, additional malware is downloaded to take complete control of the system.
As ESET points out, the malicious ad that delivers the Stegano exploit kit doesn't appear to be significantly different from a legitimate ad. Since a regular person probably won't compare the two, it is unlikely they will notice any difference. It may not even be possible to spot malicious ads based on just visual inspection, so standard security awareness guidance may not be that helpful.
Organizations whose websites provide third-party ad services or include third-party ads should secure them against malvertising in four ways: vetting the identity of the person requesting the ads; checking the ads for malware before posting; converting images into a common format to strip out potentially malicious content; and setting up an automated system that periodically checks the website for malware by downloading the webpages from a potentially vulnerable system.
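The image-conversion step above, as an added example (not code from ESET or the original article): a lossless pass that rebuilds a PNG from its decoded pixels and drops the alpha channel, every ancillary chunk and any bytes after IEND, all places where data can sit in a PNG without being obvious to a viewer. It handles only non-interlaced 8-bit RGBA, and the function names and the sample image are constructed for illustration.

```python
import struct, zlib

SIG = b"\x89PNG\r\n\x1a\n"

def chunk(ctype, body):
    """Serialize one PNG chunk: length, type, body, CRC over type+body."""
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))

def read_chunks(data):
    """Yield (type, body) up to IEND; bytes appended after IEND are never read."""
    pos = 8
    while data[:8] == SIG and pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        yield ctype, data[pos + 8:pos + 8 + length]
        if ctype == b"IEND":
            return
        pos += 12 + length
    raise ValueError("not a complete PNG")

def unfilter(raw, stride, bpp):
    """Undo PNG scanline filters 0-4, yielding each row of raw pixel bytes."""
    prev = bytearray(bpp + stride)  # rows are left-padded with bpp zero bytes
    for off in range(0, len(raw), stride + 1):
        ftype, cur = raw[off], bytearray(bpp) + raw[off + 1:off + 1 + stride]
        for i in range(bpp, bpp + stride):
            a, b, c = cur[i - bpp], prev[i], prev[i - bpp]  # left, above, upper left
            pa, pb, pc = abs(b - c), abs(a - c), abs(a + b - 2 * c)
            paeth = a if pa <= pb and pa <= pc else b if pb <= pc else c
            cur[i] = (cur[i] + (0, a, b, (a + b) // 2, paeth)[ftype]) & 0xFF
        prev = cur
        yield cur[bpp:]

def flatten_png(data):
    """Re-encode an 8-bit RGBA PNG as opaque RGB with only IHDR, IDAT and IEND."""
    parts = list(read_chunks(data))
    w, h, depth, color, _, _, interlace = struct.unpack(">IIBBBBB", parts[0][1])
    if (depth, color, interlace) != (8, 6, 0):
        raise ValueError("only non-interlaced 8-bit RGBA is handled here")
    raw = zlib.decompress(b"".join(body for t, body in parts if t == b"IDAT"))
    rgb = b"".join(b"\x00" + bytes(v for i, v in enumerate(row) if i % 4 != 3)
                   for row in unfilter(raw, w * 4, 4))  # filter 0, alpha dropped
    ihdr = struct.pack(">IIBBBBB", w, h, 8, 2, 0, 0, 0)  # color type 2 = RGB
    return SIG + chunk(b"IHDR", ihdr) + chunk(b"IDAT", zlib.compress(rgb)) + chunk(b"IEND", b"")

def sample_png():
    """Constructed 2x1 RGBA image: bytes in alpha, a tEXt chunk, trailing data."""
    row = b"\x01" + bytes([10, 20, 30, 0x41, 5, 5, 5, 0x01])  # filter 1 (Sub)
    ihdr = struct.pack(">IIBBBBB", 2, 1, 8, 6, 0, 0, 0)
    return (SIG + chunk(b"IHDR", ihdr) + chunk(b"tEXt", b"k\x00hidden")
            + chunk(b"IDAT", zlib.compress(row)) + chunk(b"IEND", b"") + b"TRAILER")
```

Data placed in the low-order bits of the color channels survives a lossless pass like this one; a lossy re-encode is the stricter form of the same control.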