The Stegano exploit kit, previously known as Astrum, is being spread through a malvertising campaign. ESET researchers...
say that they have seen many major domains, including news websites that see daily traffic in the millions, hosting these malicious graphics. How does Stegano use web advertisements to its advantage? How can users spot malvertising on the websites they visit?
This should go without saying, but using a web browser on the internet continues to be a leading cause of malware infections. When someone installs Flash on their computer, things often only get worse.
Attackers continue to exploit pervasive vulnerabilities to achieve their goals. It's unrealistic to tell everyone to give up and live in the woods, so people and enterprises will continue to be victimized by malware.
ESET researchers have observed a new attack where third-party ads are used to distribute the Stegano exploit kit. This malvertising campaign has been attributed to the AdGholas group.
The malware continuously checks if debuggers, network sniffers or other security tools are running and, if so, the malware terminates to prevent further analysis. Once the exploits run, additional malware is downloaded to take complete control of the system.
As ESET points out, the malicious ad that delivers the Stegano exploit kit doesn't appear to be significantly different from a legitimate ad. Since a regular person probably won't compare the two, it is unlikely they will notice any difference. It may not even be possible to spot malicious ads based on just visual inspection, so standard security awareness guidance may not be that helpful.
Organizations with websites providing third-party ad services or that include third-party ads should secure them against malvertising by vetting the identity of the person requesting the ads, checking the ads for malware before posting, converting images into a common format to strip out potentially malicious content and setting up an automated system to periodically check the website for malware by downloading the webpages from a potentially vulnerable system.
Learn how to manage vulnerable software at risk for being targeted by exploit kits
Find out how CryptXXX ransomware spreads through legitimate websites
Discover how malicious TIFF images are used to exploit LibTIFF library flaws
Dig Deeper on Endpoint protection and client security
Related Q&A from Nick Lewis
Researchers developed aIR-Jumper, an exploit that leverages lights within security cameras to extract data. Learn how this attack works and how to ... Continue Reading
The com.google.provision virus reportedly targets Android users, but little is known about it. Nick Lewis discusses the mystery threat and how Common... Continue Reading
A bug in Microsoft's Internet Explorer update exposes information that users enter into the browser's address bar. Learn more about the bug and URL ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.