Antivirus firm ESET recently released a report stating that its researchers have discovered a new exploit kit spreading via malicious ads on many reputable and popular websites. Since October this year, these malicious ads have been displayed to more than a million web surfers who use Internet Explorer browser.
ESET researchers say that the cybercriminals have been targeting Internet Explorer users by scanning their computers for vulnerabilities in Flash Player. Basically, these ads use images that contain malicious code buried within the parameters of their alpha channel. This, by the way, is used to define the transparency of each pixel in an image, meaning that adding the malware to an image’s alpha channel is a minor modification, resulting in an image that has only slightly different tone than the original. In other words, the malware is based on the Stegano exploit kit.
Once the advertisement is displayed on the visitor’s screen, it starts exploiting loopholes in Internet Explorer first to check if the user’s PC is running on a malware analyst’s machine. Then it does the same thing with Flash Player, where it yet again checks if it’s being monitored. “If results are favorable, it will attempt to download the encrypted payload from the same server again, disguised as a GIF image. The payload is then decrypted and launched via regsvr32.exe or rundll32.exe,” ESET explains.
But ESET states that web surfers can stay safe by using a reliable internet security solution and by updating their security software, browser, and Flash Player regularly.
Source:
Digital Trends (http://www.digitaltrends.com/computing/eset-malware-images-alpha-channel-browser-defense-broxu-stegano/)
Chanwoo's Weekly Tech 