Equifax website borked again, this time to redirect to fake Flash update

In May credit reporting service Equifax's website was breached by attackers who eventually made off with Social Security numbers, names, and a dizzying amount of other details for some 145.5 million US consumers. For several hours on Wednesday, and again early Thursday morning, the site was maliciously manipulated again, this time to deliver fraudulent Adobe Flash updates, which when clicked, infected visitors' computers with adware that was detected by only three of 65 antivirus providers.

Randy Abrams, an independent security analyst by day, happened to visit the site Wednesday evening to check what he said was false information he had just found on his credit report. Eventually, his browser opened up a page on the domain hxxp//:centerbluray.info that looked like this:


Randy Abrams



He was understandably incredulous. The site that previously gave up personal data for virtually every US person with a credit history was once again under the influence of attackers, this time trying to trick Equifax visitors into installing crapware Symantec calls Adware.Eorezo. Knowing a thing or two about drive-by campaigns, Abrams figured the chances were slim he'd see the download on follow-on visits. To fly under the radar, attackers frequently serve the downloads to only a select number of visitors, and then only once.

Abrams tried anyway, and to his amazement, he encountered the bogus Flash download links on at least three subsequent visits. The picture above this post is the higher-resolution screenshot he captured during one visit. He also provided the video below. It shows an Equifax page redirecting the browser to at least four domains before finally opening the Flash download at the same centerbluray.info page.



Equifax Flash Download

The file that got delivered when Abrams clicked through is called MediaDownloaderIron.exe. This VirusTotal entry shows only Panda, Symantec, and Webroot detecting the file as adware. This separate malware analysis from Payload Security shows the code is highly obfuscated and takes pains to conceal itself from reverse engineering. Malwarebytes flagged the centerbluray.info site as one that pushes malware, while both Eset and Avira provided similar malware warnings for one of the intermediate domains, newcyclevaults.com.

https://arstechnica.com/information-technology/2017/10/equifax-webs...

Views: 158

Comment

You need to be a member of 12160 Social Network to add comments!

Join 12160 Social Network

"Destroying the New World Order"

THANK YOU FOR SUPPORTING THE SITE!

mobile page

12160.info/m

12160 Administrators

 

TOP CONTENT THIS WEEK

Latest Activity

oldranger_68 commented on oldranger_68's blog post Israeli Holocaust Museum: there is no physical evidence of the holocaust
"Maybe I need asbestos underwear."
7 minutes ago
Burbia commented on oldranger_68's blog post Israeli Holocaust Museum: there is no physical evidence of the holocaust
9 minutes ago
Boris favorited Phyllis Maka's blog post NEW DRONE VIDEO FROM PEDO ISLAND - Jim Stone
11 minutes ago
Burbia commented on KLC's group MUSICWARS
"lyrics: Some People Like Candy Some People Like Cofee But These Lifeless Flavors Don't…"
11 minutes ago
Burbia commented on Maas's video
Thumbnail

Michael Jackson - They Don't Care About Us (Uncensored)+lyrics

"This song, calling Tommy Mattola the devil, owning his master tapes and the Beatles, had his name…"
28 minutes ago
Boris favorited Phyllis Maka's blog post NEW DRONE VIDEO FROM PEDO ISLAND - Jim Stone
46 minutes ago
Burbia posted a video

VOAT vs Nicole Junkermann: Mossad's Harvard Asset with Jeffrey Epstein (@JohnnyVedmore)

VOAT still on lockdown: Nicole Junkermann, the Jeffrey Epstein Associate Nobody's Talking About: The IDF Linked Bond Girl Infiltrating the UK NHS - FIFA Corr...
1 hour ago
oldranger_68 commented on oldranger_68's blog post Israeli Holocaust Museum: there is no physical evidence of the holocaust
"Nor can there be, because it's the biggest hoax ever pulled on the world...other than…"
3 hours ago
Exposure shared their blog post on Digg
4 hours ago
cheeki kea replied to Mrs. Tif Morgan's discussion Central Bankers Warn of Chaos in a Cashless Society: by Laurens Cerulus and Cat Contigugli
"One oversized thief of a bank had the cheek to demand ID from me when I needed to deposit money in…"
4 hours ago
cheeki kea favorited Mrs. Tif Morgan's discussion Central Bankers Warn of Chaos in a Cashless Society: by Laurens Cerulus and Cat Contigugli
5 hours ago
Chris of the family Masters replied to Mrs. Tif Morgan's discussion Central Bankers Warn of Chaos in a Cashless Society: by Laurens Cerulus and Cat Contigugli
"Cashless banking has one, and only one benefit - The bankrupt banksters will be able steal money…"
5 hours ago
cheeki kea replied to Mrs. Tif Morgan's discussion Jeffrey Epstein Was Given Three 12 Yr Old Girls to Abuse As A Birthday Gift, Unsealed Court Documents Claim
"That's a name that that keeps popping up."
5 hours ago
Mrs. Tif Morgan posted discussions
5 hours ago
Mrs. Tif Morgan replied to Mrs. Tif Morgan's discussion UN Global Migration Compact Russia: at Its Best
"This does look like a FUBAR...:)"
5 hours ago
Mrs. Tif Morgan replied to Mrs. Tif Morgan's discussion Jeffrey Epstein Was Given Three 12 Yr Old Girls to Abuse As A Birthday Gift, Unsealed Court Documents Claim
"The Rothschild Banking family at their best....:)"
5 hours ago

© 2019   Created by truth.   Powered by

Badges  |  Report an Issue  |  Terms of Service

content and site copyright 12160.info 2007-2019 - all rights reserved. unless otherwise noted