• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
A1 Computer Repair

A1 Computer Repair

Computer Services

  • Home
  • About Us
  • Computer Repair
    • Local Computer Repair Services
    • Laptop Repair
    • Online Computer Repair
    • Custom Computer Builders
    • Get a Repair Quote
    • Schedule a Repair
  • IT Services
    • Managed Services
    • Malware Removal
    • Full System Tune-Up
    • Data Recovery Services for Home or Business
    • Install Security Cameras
    • Install Crypto Prevent
  • Cell Phone Repair
  • Customer Support
    • Create a Support Ticket
    • Remote Support Request
    • Schedule a Repair
    • Online Quote
  • Get a Quote
  • Pay Invoice
  • Contact Us
    • Contact A1 Now
    • Schedule a Repair
    • Customer Support
    • Remote Support Request
You are here: Home / Tech Support Blog / Millions Exposed To Ads That Use Images Infected By Malicious Scripts

Millions Exposed To Ads That Use Images Infected By Malicious Scripts

December 7, 2016 by admin

Antivirus provider ESET released a report on Tuesday stating that its researchers have discovered malicious code residing within advertisements that are currently in rotation on many “reputable” news websites. Since the beginning of October, these malicious ads have been exposed to millions of web surfers who still use Microsoft’s Internet Explorer browser.

According to the report, the ads promote applications called “Browser Defense” and “Broxu.” What’s scary is that the actual graphic used in these ads contains malicious code buried within the parameters of their alpha channel, which is used to define the transparency of each pixel in images. By way of explanation, an alpha channel is what makes the background color of an image transparent so that the focused object can reside as an overlay against any backdrop image or color.

Adding the malicious script to an image’s alpha channel is only a minor modification. The resulting image has a slightly different tone than the original, but if web surfers have no idea what the originating image looks like, then they have no clue the altered, malicious version is on their screen. The sample provided by the ESET researchers is barely indistinguishable from the “clean” original.

Once the advertisement is displayed on the visitor’s screen, the embedded code uses the CVE-2016-0162 vulnerability in Internet Explorer to scan the target PC to see if it’s running on a malware analyst’s machine. If the coast is clear, it will then load a landing page that includes a Flash file built for exploiting three vulnerabilities in Flash Player: CVE-2015-8651, CVE-2016-1019, and CVE-2016-4117.

“Upon successful exploitation, the executed shell code collects information on installed security products and performs — [in a manner] as paranoid as the cybercriminals behind this attack — yet another check to verify that it is not being monitored,” the antivirus firm reports. “If results are favorable, it will attempt to download the encrypted payload from the same server again, disguised as a GIF image.”

When the encrypted payload is downloaded to the target PC, it is then decrypted and launched through regsvr32.exe or rundll32.exe in Microsoft Windows. The payloads detected thus far have included various trojan downloaders, banking trojans, backdoors, spyware, and “file stealers.”

The attack is based on the Stegano exploit kit, which uses steganography to hide malware out in plain sight. The term is typically used when hiding messages or information within public text and data. However, in this case, the method throws a malicious script within the alpha channel information of an image. The kit was first used in 2014 to target Dutch customers, and moved on to residents in the Czech Republic. New attacks are targeting web surfers in Australia, Britain, Canada, Italy, and Spain.

ESET senior malware researcher Robert Lipovsky pointed out in an interview that web surfers aren’t required to do anything to trigger the malicious script: all they have to do is visit a website displaying the infected ad. The payloads aren’t random either: attackers choose what to download to the target PCs.

Lipovsky added that the firm didn’t release a list of websites affected by the malicious ads because the information didn’t add any value to the warning. Even more, the firm didn’t want to inflict reputational harm to the websites given that they had no clue or control over displaying the ads. Naturally, web surfers can stay safe by keeping their browser, Flash Player, and security software updated regularly.

http://www.digitaltrends.com/computing/eset-malware-images-alpha-channel-browser-defense-broxu-stegano/

Filed Under: Tech Support Blog Tagged With: eset, malvertising, malware ads, malware protection, security, trojan, virus protection

Primary Sidebar

Call Today: (530) 903-8838

Find A1 on Social Media

  • Facebook
  • Google+
  • LinkedIn
  • Twitter
  • YouTube
Our Shop Location
A1 Computer Repair
2811 Cold Springs Rd
Placerville, Ca 95667
Phone: (530) 903-8838


Get Directions to the A1 Computer Repair Shop

a1 computer repair google reviews

a1 computer repair yelp reviews

Recent Posts

  • Audacity 3.0 called spyware over data collection changes by new owner
  • Bad Android Apps Removed From Play Store—Uninstall These Now
  • Trend Micro insider sold 120,000 customer records to scammers
  • Updating your software makes you more secure

Copyright © 2022 A1 Computer Repair · Serving the Placerville area since 2014

  • Quote
  • Support
  • Computer Repair
  • Laptop Repair
  • Computer Services
  • Cell Phone
  • Blog
  • Site Map
  • Privacy Policy
  • Terms and Conditions
Posting....