<div dir="ltr"><div><div class="m_-2544486377379024939gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr">
<table class="m_-2544486377379024939backgroundTable" bgcolor="#ffffff" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td align="left" valign="top">
<table cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="border-top:0px solid rgb(0,0,0);border-bottom:1px solid rgb(255,255,255);background-color:rgb(255,255,255);text-align:center" align="center"><span style="font-size:10px;color:rgb(96,96,96);line-height:200%;font-family:verdana;text-decoration:none">Email not displaying correctly? <a href="http://www.oplin.org/4cast/" style="font-size:10px;color:rgb(0,0,255);line-height:200%;font-family:verdana;text-decoration:none" target="_blank">View it in your browser.</a></span></td>
</tr>
<tr>
<td style="border-top:0px solid rgb(51,51,51);border-bottom:0px solid rgb(255,255,255);background-color:rgb(255,255,255)">
<center><a><img id="m_-2544486377379024939editableImg1" src="http://www.oplin.org/4cast/wp-content/themes/unlimited/assets/images/4cast_email_header.png" title="OPLIN" alt="OPLIN 4Cast" align="middle" border="0"></a></center>
</td>
</tr>
</tbody>
</table>
<table style="width:763px;height:877px" bgcolor="#ffffff" cellpadding="20" cellspacing="0">
<tbody>
<tr>
<td style="font-size:12px;color:rgb(0,0,0);line-height:150%;font-family:'Gothic Sans',sans-serif" bgcolor="#ffffff" valign="top">
<p> <span style="font-size:20px;font-weight:bold;color:rgb(0,0,0);font-family:arial;line-height:110%">OPLIN 4cast #520: More than meets the eye</span><br>
<span style="font-size:11px;font-weight:normal;color:rgb(102,102,102);font-style:italic;font-family:arial">December 14th, 2016</span></p>
<p style="text-align:justify;font-size:16px;font-family:arial;line-height:110%"><img align="left" class="m_-2544486377379024939alignleft m_-2544486377379024939size-full m_-2544486377379024939wp-image-6101" src="http://4cast.oplin.org/wp-content/uploads/2016/12/Fotolia_79844730_XS.jpg" alt="Faceless unknown unrecognizable anonymous man with digital tablet computer browsing internet." width="130" height="94" style="padding-right:14px;padding-top:4px;padding-bottom:4px" title=""> Last week, Eset Research posted <a href="http://www.welivesecurity.com/2016/12/06/readers-popular-websites-targeted-stealthy-stegano-exploit-kit-hiding-pixels-malicious-ads/" target="_blank">a report</a> about malware they had discovered which gathered information about infected computers and reported it back to the attack server. That, unfortunately, is not unusual. What is unusual about this exploit is the way it is delivered to the victim computer — the attack code is hidden inside an image that looks like an ad. It is interesting to see the clever way this was done, and also the development of the exploit over time. It is also important to note that the protection against this attack (as with so many other attacks) is simply keeping your software patched and up to date.</p><div> </div>
<li style="text-align:justify;font-size:16px;font-family:arial;line-height:110%"><a href="http://boingboing.net/2016/12/07/for-two-years-criminals-stole.html" target="_blank">For two years, criminals stole sensitive information using malware hidden in individual pixels of ad banners</a> (Boing Boing | Cory Doctorow) “The criminals were able to send banner ads and javascript to their targets’ computers by pushing both into ad networks. These networks aggressively scan advertisers’ javascript for suspicious code, so the criminals needed to sneak their bad code past these checks. To do this, they made tiny alterations to the transparency values of the individual pixels of the accompanying banner ads, which were in the PNG format, which allows for pixel-level gradations in transparency. The javascript sent by the attackers would run through the pixels in the banners, looking for ones with the telltale alterations, then it would turn that tweaked transparency value into a character. By stringing all these characters together, the javascript would assemble a new program, which it would then execute on the target’s computer.”</li>
<li style="text-align:justify;font-size:16px;font-family:arial;line-height:110%"><a href="http://arstechnica.com/security/2016/12/millions-exposed-to-malvertising-that-hid-attack-code-in-banner-pixels/" target="_blank">Millions exposed to malvertising that hid attack code in banner pixels</a> (Ars Technica | Dan Goodin) “The ads promote applications calling themselves ‘Browser Defence’ and ‘Broxu’ and targeted people who visited the news sites using Internet Explorer browsers. The script concealed in the pixels exploited a now-patched IE vulnerability indexed as CVE-2016-0162 to obtain details about the visitors’ computers. Among other things, the script checked for the presence of packet capture, sandboxing, and virtualization software and a variety of security products. Machines that didn’t exhibit signs of the software and contained a vulnerable version of Flash were then redirected to the exploit site, which would serve one of two families of malware.”</li>
<li style="text-align:justify;font-size:16px;font-family:arial;line-height:110%"><a href="http://www.itworld.com/article/3147811/security/malicious-online-ads-expose-millions-to-possible-hack.html" target="_blank">Malicious online ads expose millions to possible hack</a> (IT World | Michael Kan) “Hackers have used similar so-called malvertising tactics to secretly serve malicious coding over legitimate online advertising networks. It’s an attack method that has proven to be <a href="http://www.pcworld.com/article/3101820/security/long-running-malvertising-campaign-infected-thousands-of-computers-per-day.html" target="_blank">successful</a> at quickly spreading malware to potentially millions.”</li>
<li style="text-align:justify;font-size:16px;font-family:arial;line-height:110%"><a href="http://www.securitynewspaper.com/2016/12/06/readers-popular-websites-targeted-stealthy-stegano-exploit-kit-hiding-pixels-malicious-ads/" target="_blank">Readers of popular websites targeted by stealthy stegano exploit kit hiding in pixels of malicious ads</a> (Security Newspaper) “An earlier variant of this stealthy exploit pack has been hiding in plain sight since at least late 2014, when we spotted it targeting Dutch customers. In spring 2015 the attackers focused on the Czech Republic and now they have shifted their focus onto Canada, Britain, Australia, Spain and Italy. In the earlier campaigns, in an effort to masquerade as an advertisement, the exploit kit was using domain names starting with ‘ads*.’ and URI names containing watch.flv, media.flv, delivery.flv, player.flv, or mediaplayer.flv. In the current campaign, they have improved their tactics significantly. It appears that the exploit pack’s targeting of specific countries is a result of the advertising networks the attackers were able to abuse.”</li>
<div style="text-align:left"> </div>
<p style="text-align:left;font-size:20px;font-family:arial;line-height:110%"><small><strong><em>Articles from <a href="http://ohioweblibrary.org" target="_blank">Ohio Web Library</a>:</em></strong></small><br>
</p>
<div style="text-align:justify;font-size:16px;font-family:arial;line-height:110%">
<ul> <li><a href="http://search.ebscohost.com.proxy.oplin.org/login.aspx?direct=true&db=f5h&AN=110167939" target="_blank">Cyber crime: 10 things every leader should know.</a> (<em>Director</em>, Oct.2015, p.68-72 | Nick Scott)</li> <li><a href="http://search.ebscohost.com.proxy.oplin.org/login.aspx?direct=true&db=buh&AN=113500215" target="_blank">5 immediate ways to fight cybercrime.</a> (<em>Fortune</em>, 3/15/2016, p.44 | Verne Harnish)</li> <li><a href="http://search.ebscohost.com.proxy.oplin.org/login.aspx?direct=true&db=buh&AN=118506730" target="_blank">Threat and challenges of cyber-crime and the response.</a> (<em>SAM Advanced Management Journal</em>, Spring 2016, p.4-10 | C. Alexander Hewes, Jr.)</li>
</ul>
</div>
<div style="text-align:left"> </div>
</td>
</tr>
<tr>
<td valign="top" width="760"><span style="font-size:10px;color:rgb(96,96,96);line-height:100%;font-family:verdana"> <hr>
<div style="text-align:justify">The <strong><em>OPLIN 4cast</em></strong> is a weekly compilation of recent headlines, topics, and trends that could impact public libraries. You can subscribe to it in a variety of ways, such as: <br>
</div>
<div style="text-align:left"> </div>
<ul>
<li style="text-align:justify"><strong>RSS feed.</strong> You can receive the OPLIN 4cast via RSS feed by subscribing to the following URL: <a href="http://www.oplin.org/4cast/index.php/?feed=rss2" target="_blank">http://www.oplin.org/4cast/<wbr>index.php/?feed=rss2</a>.</li>
<li style="text-align:justify"><strong>Live Bookmark.</strong> If you're using the Firefox web browser, you can go to the 4cast website (<a href="http://www.oplin.org/4cast/" target="_blank">http://www.oplin.org/4cast/</a>) and click on the orange "radio wave" icon on the right side of the address bar. In Internet Explorer 7, click on the same icon to view or subscribe to the 4cast RSS feed.</li>
<li style="text-align:justify"><strong>E-mail.</strong> You can have the OPLIN 4cast delivered via e-mail (a'la OPLINlist and OPLINtech) by subscribing to the 4cast mailing list at <a href="http://lists.oplin.org/mailman/listinfo/OPLIN4cast" target="_blank">http://lists.oplin.org/<wbr>mailman/listinfo/OPLIN4cast</a>.</li>
</ul> </span> </td>
</tr>
<tr>
<td style="text-align:center;font-family:'Century Gothic',sans-serif;border-top:0px solid rgb(255,255,255);background-color:#2c4587;color:#fff" valign="top" width="760">© 2016 Ohio Public Library Information Network<br> <a href="http://www.slideshare.net/oplin" title="Find us on Slideshare" target="_blank"><img src="http://www.oplin.org/4cast/wp-content/themes/unlimited/assets/images/slideshare3.png" alt="Find us on Slideshare"></a> <a href="http://www.facebook.com/oplin.org" title="Find us on Facebook" target="_blank"><img src="http://www.oplin.org/4cast/wp-content/themes/unlimited/assets/images/facebook_0.png" alt="Find us on Facebook"></a> <a href="https://plus.google.com/107751358238995507967" title="Find us on Google+" target="_blank"><img src="http://www.oplin.org/4cast/wp-content/themes/unlimited/assets/images/google+.png" alt="Find us on Google+"></a> <a href="http://www.twitter.com/oplin" title="Find us on Twitter" target="_blank"><img src="http://www.oplin.org/4cast/wp-content/themes/unlimited/assets/images/twitter_0.png" alt="Find us on Twitter"></a> </td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</div></div></div></div></div></div></div>
</div>