
Rogue Security Sphere 2012 + Drive-by + Openx


One of the best-known torrent sites on the internet was serving malware to its visitors without its administrators knowing: the attackers managed to inject malicious code into the site's OpenX ad platform in order to spread a fake antivirus.

On the Armorize blog you can find a detailed report and a video showing the infection process. It is a drive-by download attack in which a malicious Java applet automatically installs a fake program called Security Sphere 2012.

The fake antivirus was installed just by visiting the site

At SpamLoco I have commented on several similar cases (for example here and here). Imagine the situation for a second: you browse the site for a few minutes as you usually do, and when you close the browser you find that a new antivirus has been installed, claiming that the computer is completely infected and asking for your credit card to buy a license.

Although it is not something that happens every day, sooner or later it can happen if the conditions are met. In this case those conditions were: a site you normally visit being compromised, an outdated Java version, and an antivirus that was not able to block the attack.

As reported by Armorize, when the malware was analyzed its detection rate was very low (VT 2/43). Those responsible for the attack are the same ones who, days ago, infected (a well-known service for measuring connection speed), also through OpenX; at that time the detection rate on VirusTotal was 0/43.

And what measures do you take to avoid this kind of attack?