Web Surfers, Beware - Chinese Site Found Serving Malwares Aggressively

Stumbling through random websites? Not a good idea, according to researchers at security firm Cyphort.

Cyphort researchers have found a Chinese video sharing site that serves malware (83 Windows executables) to infect visitors by exploiting the Windows OLE Automation Array Remote Code Execution Vulnerability. The vulnerability lets attackers compromise Windows systems including Windows Vista, Windows 7 and Windows Server 2012. Microsoft patched it back in November 2014, Cyphort said.

ATTACK FLOW

When a user visits "www.49lou.com", an embedded "script src" tag on the main page redirects the browser to a site hosting an exploit for CVE-2014-6332, which starts the remote code execution.
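The attack flow above hinges on a single externally sourced script tag on an otherwise ordinary page. The following Python script is an added defender-side example, not code from Cyphort or the original post: it parses a page's HTML, collects every script src, and flags those loaded from a different registrable domain than the page itself, which is the kind of silent third-party redirect a site-monitoring or proxy-inspection job would want to surface. The sample page and all host names in it are constructed for the example; the two-label "registrable domain" heuristic is an assumption that ignores the public suffix list.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class ScriptSrcCollector(HTMLParser):
    """Collect the src attribute of every <script> tag in a document."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        for name, value in attrs:
            # attrs is a list of (name, value); value is None for bare attributes
            if name.lower() == "src" and value:
                self.sources.append(value.strip())


def registrable_domain(host):
    """Approximate the registrable domain as the last two DNS labels.
    Assumption for this example: no public suffix list, so 'co.uk'-style
    suffixes are not handled."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def third_party_scripts(html, page_url):
    """Return script src values whose host lies outside the page's registrable domain.

    Relative paths (no host) are treated as same-origin and skipped.
    Protocol-relative URLs ('//host/x.js') inherit the page's scheme so that
    their host is still compared."""
    parser = ScriptSrcCollector()
    parser.feed(html)
    page = urlparse(page_url)
    page_domain = registrable_domain(page.hostname or "")
    findings = []
    for src in parser.sources:
        host = urlparse(src, scheme=page.scheme).hostname
        if host is None:  # relative URL, served by the page's own origin
            continue
        if registrable_domain(host) != page_domain:
            findings.append(src)
    return findings


# Constructed sample page: one relative script, one subdomain script, and two
# scripts pulled from unrelated domains (the pattern described in the article).
SAMPLE_PAGE = """
<html><head>
<script src="/js/player.js"></script>
<script src="http://static.video-site.example/lib.js"></script>
<script src="http://ad-host.example/a.js"></script>
<script src="//tracker.example/t.js"></script>
</head><body><p>video list</p></body></html>
"""

if __name__ == "__main__":
    for src in third_party_scripts(SAMPLE_PAGE, "http://video-site.example/"):
        print("third-party script:", src)
```

Running the module prints the two scripts sourced from ad-host.example and tracker.example while the same-origin and subdomain scripts are left alone. In practice the flagged list would be diffed against a known-good baseline for the monitored site, since legitimate pages also embed third-party scripts; what matters is a new external script appearing without a corresponding content change.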

Cyphort researchers analyzed 83 Windows EXE and DLL binaries served by 49lou.com. Only 37 of them had been submitted to VirusTotal at the time of discovery, and 29 of those were found to be malicious.

Cyphort's ATD platform, on the other hand, found 42 out of the total 79 to be malicious, including one that VirusTotal had seen but with no detections.

Researchers said, "If this site were visited by a lot of surfers from the United States, the discovery of it serving 83 binaries without user interaction or knowledge would probably have happened much earlier, and should have set off huge alarms, period."

"We suspect that the majority of the visitors to 49lou.com are not US-based and those endpoints are likely poorly protected," they added.

Here are some protective measures from Cyphort researchers:
  • Keep your system and applications patched in a timely fashion.
  • Be very vigilant when visiting sites with busy offerings and popups. When you do need to visit them, doing so from a non-Windows platform may reduce your chance of infection, at least until the bad actors start to target non-Windows endpoints more.
  • Enterprises should adopt the new defense paradigm with a continuous monitoring, diagnostics, and mitigation approach, and implement education and threat intelligence sharing so that employees are warned off infected websites.
