[OPLIN 4cast] OPLIN 4cast #520: More than meets the eye

OPLIN Support support at oplin.ohio.gov
Wed Dec 14 10:30:06 EST 2016



OPLIN 4cast #520: More than meets the eye
December 14th, 2016

Last week, ESET Research posted a report
<http://www.welivesecurity.com/2016/12/06/readers-popular-websites-targeted-stealthy-stegano-exploit-kit-hiding-pixels-malicious-ads/>
about malware they had discovered which gathered information about infected
computers and reported it back to the attack server. That, unfortunately,
is not unusual. What is unusual about this exploit is the way it is
delivered to the victim computer — the attack code is hidden inside an
image that looks like an ad. It is interesting to see the clever way this
was done, and also the development of the exploit over time. It is also
important to note that the protection against this attack (as with so many
other attacks) is simply keeping your software patched and up to date.
- For two years, criminals stole sensitive information using malware hidden
in individual pixels of ad banners
<http://boingboing.net/2016/12/07/for-two-years-criminals-stole.html>
(Boing Boing | Cory Doctorow)  “The criminals were able to send banner ads
and javascript to their targets’ computers by pushing both into ad
networks. These networks aggressively scan advertisers’ javascript for
suspicious code, so the criminals needed to sneak their bad code past these
checks. To do this, they made tiny alterations to the transparency values
of the individual pixels of the accompanying banner ads, which were in the
PNG format, which allows for pixel-level gradations in transparency. The
javascript sent by the attackers would run through the pixels in the
banners, looking for ones with the telltale alterations, then it would turn
that tweaked transparency value into a character. By stringing all these
characters together, the javascript would assemble a new program, which it
would then execute on the target’s computer.”
- Millions exposed to malvertising that hid attack code in banner pixels
<http://arstechnica.com/security/2016/12/millions-exposed-to-malvertising-that-hid-attack-code-in-banner-pixels/>
(Ars Technica | Dan Goodin)  “The ads promote applications calling
themselves ‘Browser Defence’ and ‘Broxu’ and targeted people who visited
the news sites using Internet Explorer browsers. The script concealed in
the pixels exploited a now-patched IE vulnerability indexed as
CVE-2016-0162 to obtain details about the visitors’ computers. Among other
things, the script checked for the presence of packet capture, sandboxing,
and virtualization software and a variety of security products. Machines
that didn’t exhibit signs of the software and contained a vulnerable
version of Flash were then redirected to the exploit site, which would
serve one of two families of malware.”
- Malicious online ads expose millions to possible hack
<http://www.itworld.com/article/3147811/security/malicious-online-ads-expose-millions-to-possible-hack.html>
(IT World | Michael Kan)  “Hackers have used similar so-called malvertising
tactics to secretly serve malicious coding over legitimate online
advertising networks. It’s an attack method that has proven to be successful
<http://www.pcworld.com/article/3101820/security/long-running-malvertising-campaign-infected-thousands-of-computers-per-day.html>
at quickly spreading malware to potentially millions.”
- Readers of popular websites targeted by stealthy stegano exploit kit
hiding in pixels of malicious ads
<http://www.securitynewspaper.com/2016/12/06/readers-popular-websites-targeted-stealthy-stegano-exploit-kit-hiding-pixels-malicious-ads/>
(Security Newspaper)  “An earlier variant of this stealthy exploit pack has
been hiding in plain sight since at least late 2014, when we spotted it
targeting Dutch customers. In spring 2015 the attackers focused on the
Czech Republic and now they have shifted their focus onto Canada, Britain,
Australia, Spain and Italy. In the earlier campaigns, in an effort to
masquerade as an advertisement, the exploit kit was using domain names
starting with ‘ads*.’ and URI names containing watch.flv, media.flv,
delivery.flv, player.flv, or mediaplayer.flv. In the current campaign, they
have improved their tactics significantly. It appears that the exploit
pack’s targeting of specific countries is a result of the advertising
networks the attackers were able to abuse.”
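
The Boing Boing excerpt above describes data carried in small changes to the alpha (transparency) values of a PNG banner. The following added example, which is not from ESET or any of the quoted articles, is a defender-side heuristic that profiles the alpha channel of an already decoded RGBA pixel buffer and flags banners where a large share of pixels is almost, but not fully, opaque. The function names, the thresholds and all three sample buffers are assumptions constructed for illustration.

```python
from collections import Counter

NEAR_OPAQUE_MIN = 240  # assumed band: alpha 240..254 is invisible to the eye


def alpha_profile(rgba: bytes) -> dict:
    """Summarise the alpha channel of a decoded RGBA buffer (4 bytes/pixel)."""
    if not rgba or len(rgba) % 4:
        raise ValueError("expected a non-empty RGBA buffer")
    counts = Counter(rgba[3::4])          # every 4th byte is the alpha value
    total = sum(counts.values())
    near = sum(n for a, n in counts.items() if NEAR_OPAQUE_MIN <= a < 255)
    return {
        "pixels": total,
        "distinct_alpha": len(counts),
        "opaque_ratio": counts.get(255, 0) / total,
        "near_opaque_ratio": near / total,
    }


def looks_suspicious(rgba: bytes, min_ratio=0.25, min_distinct=4) -> bool:
    """Flag images whose alpha is mostly 'almost opaque' with many values.

    An ordinary opaque banner has alpha 255 everywhere; anti-aliased or
    faded artwork spreads alpha over the whole 0..255 range. A dense
    cluster of varied values just below 255 is what deserves a closer look.
    The thresholds are assumed starting points, not tuned values.
    """
    p = alpha_profile(rgba)
    return p["near_opaque_ratio"] >= min_ratio and p["distinct_alpha"] >= min_distinct


def make_rgba(alphas) -> bytes:
    """Build a constructed test image: fixed colour, caller-supplied alpha."""
    return b"".join(bytes((200, 30, 30, a)) for a in alphas)


# Constructed samples, 64x16 pixels each (no real ad creative, no payload).
OPAQUE = make_rgba([255] * 1024)                                  # normal banner
SOFT_EDGE = make_rgba([x * 255 // 63 for _ in range(16) for x in range(64)])
TAMPERED = make_rgba([240 + (i * 7) % 16 for i in range(1024)])   # noisy alpha

if __name__ == "__main__":
    for name, img in (("opaque", OPAQUE), ("soft-edge", SOFT_EDGE),
                      ("tampered", TAMPERED)):
        print(name, looks_suspicious(img), alpha_profile(img))
```

A hit is only a reason to inspect the creative and the script served with it; legitimate artwork with semi-transparent overlays can also trip the check.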

*Articles from Ohio Web Library <http://ohioweblibrary.org>:*

   - Cyber crime: 10 things every leader should know.
   <http://search.ebscohost.com.proxy.oplin.org/login.aspx?direct=true&db=f5h&AN=110167939>
   (*Director*, Oct.2015, p.68-72 | Nick Scott)
   - 5 immediate ways to fight cybercrime.
   <http://search.ebscohost.com.proxy.oplin.org/login.aspx?direct=true&db=buh&AN=113500215>
   (*Fortune*, 3/15/2016, p.44 | Verne Harnish)
   - Threat and challenges of cyber-crime and the response.
   <http://search.ebscohost.com.proxy.oplin.org/login.aspx?direct=true&db=buh&AN=118506730>
   (*SAM Advanced Management Journal*, Spring 2016, p.4-10 | C. Alexander
   Hewes, Jr.)

------------------------------
The *OPLIN 4cast* is a weekly compilation of recent headlines, topics, and
trends that could impact public libraries. You can subscribe to it in a
variety of ways, such as:

   - *RSS feed.* You can receive the OPLIN 4cast via RSS feed by
   subscribing to the following URL:
   http://www.oplin.org/4cast/index.php/?feed=rss2.
   - *Live Bookmark.* If you're using the Firefox web browser, you can go
   to the 4cast website (http://www.oplin.org/4cast/) and click on the
   orange "radio wave" icon on the right side of the address bar. In Internet
   Explorer 7, click on the same icon to view or subscribe to the 4cast RSS
   feed.
   - *E-mail.* You can have the OPLIN 4cast delivered via e-mail (à la
   OPLINlist and OPLINtech) by subscribing to the 4cast mailing list at
   <http://lists.oplin.org/mailman/listinfo/OPLIN4cast>.

© 2016 Ohio Public Library Information Network