Nmedia - Fotolia
The Stegano exploit kit, previously known as Astrum, is being spread through a malvertising campaign. ESET researchers say that they have seen many major domains, including news websites that see daily traffic in the millions, hosting these malicious graphics. How does Stegano use web advertisements to its advantage? How can users spot malvertising on the websites they visit?
This should go without saying, but using a web browser on the internet continues to be a leading cause of malware infections. When someone installs Flash on their computer, things often only get worse.
Attackers continue to exploit pervasive vulnerabilities to achieve their goals. It's unrealistic to tell everyone to give up and live in the woods, so people and enterprises will continue to be victimized by malware.
ESET researchers have observed a new attack where third-party ads are used to distribute the Stegano exploit kit. This malvertising campaign has been attributed to the AdGholas group.
The malware continuously checks if debuggers, network sniffers or other security tools are running and, if so, the malware terminates to prevent further analysis. Once the exploits run, additional malware is downloaded to take complete control of the system.
As ESET points out, the malicious ad that delivers the Stegano exploit kit doesn't appear to be significantly different from a legitimate ad. Since a regular person probably won't compare the two, it is unlikely they will notice any difference. It may not even be possible to spot malicious ads based on just visual inspection, so standard security awareness guidance may not be that helpful.
Organizations with websites providing third-party ad services or that include third-party ads should secure them against malvertising by vetting the identity of the person requesting the ads, checking the ads for malware before posting, converting images into a common format to strip out potentially malicious content and setting up an automated system to periodically check the website for malware by downloading the webpages from a potentially vulnerable system.
Learn how to manage vulnerable software at risk for being targeted by exploit kits
Find out how CryptXXX ransomware spreads through legitimate websites
Discover how malicious TIFF images are used to exploit LibTIFF library flaws
Dig Deeper on Endpoint protection and client security
Related Q&A from Nick Lewis
Port scans provide data on how networks operate. In the wrong hands, this info could be part of a larger malicious scheme. Learn how to detect and ... Continue Reading
Cloud penetration testing presents new challenges for information security teams. Here's how a playbook from the Cloud Security Alliance can help ... Continue Reading
Many cloud providers are tight-lipped about internal security control details. Learn how to evaluate cloud security providers with certifications and... Continue Reading