An anonymous reader quotes a report from BleepingComputer: For the past two months, a new exploit kit has been serving malicious code hidden in the pixels of banner ads via a malvertising campaign that has been active on several high profile websites. Discovered by security researchers from ESET, this new exploit kit is named Stegano, from the word steganography, which is a technique of hiding content inside other files. In this particular scenario, malvertising campaign operators hid malicious code inside PNG images used for banner ads. The crooks took a PNG image and altered the transparency value of several pixels. They then packed the modified image as an ad, for which they bought ad displays on several high-profile websites. Since a large number of advertising networks allow advertisers to deliver JavaScript code with their ads, the crooks also included JS code that would parse the image, extract the pixel transparency values, and using a mathematical formula, convert those values into a character. Since images have millions of pixels, crooks had all the space they needed to pack malicious code inside a PNG photo. When extracted, this malicious code would redirect the user to an intermediary ULR, called gate, where the host server would filter users. This server would only accept connections from Internet Explorer users. The reason is that the gate would exploit the CVE-2016-0162 vulnerability that allowed the crooks to determine if the connection came from a real user or a reverse analysis system employed by security researchers. Additionally, this IE exploit also allowed the gate server to detect the presence of antivirus software. In this case, the server would drop the connection just to avoid exposing its infrastructure and trigger a warning that would alert both the user and the security firm. If the gate server deemed the target valuable, then it would redirect the user to the final stage, which was the exploit kit itself, hosted on another URL. The Stegano exploit kit would use three Adobe Flash vulnerabilities (CVE-2015-8651, CVE-2016-1019 or CVE-2016-4117) to attack the user’s PC, and forcibly download and launch into execution various strains of malware. Read more of this story at Slashdot.
Read the original post:
New Stegano Exploit Kit Hides Malvertising Code In Banner Pixels
Copyright holders asked Google to remove more than 1, 000, 000, 000 allegedly infringing links from its search engine over the past twelve months, TorrentFreak reports. According to stats provided in Google’s Transparency Report for the past one year, Google was asked to remove over one billion links — or 1, 007, 741, 143 links. From the article: More than 90 percent of the links, 908, 237, 861 were in fact removed. The rest of the reported links were rejected because they were invalid, not infringing, or duplicates of earlier requests. In total, Google has now processed just over two billion allegedly infringing URLs from 945, 000 different domains. That the second billion took only a year, compared to several years for the first, shows how rapidly the volume of takedown requests is expanding. At the current rate, another billion will be added by the end of next summer. Most requests, over 50 million, were sent in for the website 4shared.com. However, according to the site’s operators many of the reported URLs point to the same files, inflating the actual volume of infringing content. Read more of this story at Slashdot.