Equifax website borked again, this time to redirect to fake Flash update

In May credit reporting service Equifax's website was breached by attackers who eventually made off with Social Security numbers, names, and a dizzying amount of other details for some 145.5 million US consumers. For several hours on Wednesday, and again early Thursday morning, the site was maliciously manipulated again, this time to deliver fraudulent Adobe Flash updates, which when clicked, infected visitors' computers with adware that was detected by only three of 65 antivirus providers.

Randy Abrams, an independent security analyst by day, happened to visit the site Wednesday evening to check what he said was false information he had just found on his credit report. Eventually, his browser opened up a page on the domain hxxp//:centerbluray.info that looked like this:


Randy Abrams



He was understandably incredulous. The site that previously gave up personal data for virtually every US person with a credit history was once again under the influence of attackers, this time trying to trick Equifax visitors into installing crapware Symantec calls Adware.Eorezo. Knowing a thing or two about drive-by campaigns, Abrams figured the chances were slim he'd see the download on follow-on visits. To fly under the radar, attackers frequently serve the downloads to only a select number of visitors, and then only once.

Abrams tried anyway, and to his amazement, he encountered the bogus Flash download links on at least three subsequent visits. The picture above this post is the higher-resolution screenshot he captured during one visit. He also provided the video below. It shows an Equifax page redirecting the browser to at least four domains before finally opening the Flash download at the same centerbluray.info page.



Equifax Flash Download

The file that got delivered when Abrams clicked through is called MediaDownloaderIron.exe. This VirusTotal entry shows only Panda, Symantec, and Webroot detecting the file as adware. This separate malware analysis from Payload Security shows the code is highly obfuscated and takes pains to conceal itself from reverse engineering. Malwarebytes flagged the centerbluray.info site as one that pushes malware, while both Eset and Avira provided similar malware warnings for one of the intermediate domains, newcyclevaults.com.

https://arstechnica.com/information-technology/2017/10/equifax-webs...

Views: 169

Comment

You need to be a member of 12160 Social Network to add comments!

Join 12160 Social Network

"Destroying the New World Order"

THANK YOU FOR SUPPORTING THE SITE!

mobile page

12160.info/m

12160 Administrators

 

TOP CONTENT THIS WEEK

Latest Activity

Central Scrutinizer posted a blog post
47 minutes ago
Central Scrutinizer favorited Doc Vega's blog post America Under Asymmetrical Warfare
1 hour ago
stormtruther's blog post was featured
3 hours ago
Less Prone commented on stormtruther's blog post Man who saved Jimmy Savile is now leader of the Labour Party (Still fucking little boys then)
"Perverts in power favour perversion everywhere."
3 hours ago
Less Prone favorited James Roberts's blog post Hospitals Not War Zones as Media Says - Compilation Video
3 hours ago
Less Prone commented on James Roberts's blog post Hospitals Not War Zones as Media Says - Compilation Video
"https://www.worldometers.info/coronavirus/   shows Covid-19 cases per million…"
3 hours ago
Phyllis Maka's 2 blog posts were featured
3 hours ago
Less Prone commented on Mr. Sizzle's blog post Something to ponder and enjoy rather than the fear porn of Covid 19
"Weaponized music, they have weaponized practically everything you can touch, see, hear and feel and…"
3 hours ago
Less Prone favorited Mr. Sizzle's blog post Something to ponder and enjoy rather than the fear porn of Covid 19
3 hours ago
Keisha Ruan's blog post was featured

Work Force Giving us Notices on Martial Law

A note from our hospital administrator that I thought made me special until…I told the lady at the…See More
3 hours ago
Chris of the family Masters's blog post was featured
3 hours ago
Less Prone favorited Central Scrutinizer's blog post They Live .....Still today!!
4 hours ago
Doc Vega's blog post was featured

America Under Asymmetrical Warfare

The United States is at the very precipice of a dangerous transformation of our society, freedoms,…See More
4 hours ago
Less Prone commented on Less Prone's video
Thumbnail

Barrie Trower Interview - Whistle blower exposes 5G and MW technology

"What the Telecom Industry Doesn’t Tell You… But Does Tell It’s…"
4 hours ago
Doc Vega replied to Less Prone's discussion MN Senator and Dr. Reveals HHS Document Coached Him on How to Overcount COVID-19 Cases
"Typical of the government generated disinformation we get!"
4 hours ago
Doc Vega favorited Less Prone's discussion MN Senator and Dr. Reveals HHS Document Coached Him on How to Overcount COVID-19 Cases
4 hours ago
Doc Vega commented on James Roberts's blog post Why Are So Many People That Have "Recovered" From The Coronavirus Testing Positive Again?
"Talking with someone who has excellent sources to Chinese Cable TV apparently the coronavirus…"
4 hours ago
Less Prone posted a video

Barrie Trower Interview

Der Militärexperte Dr. Barrie Trower gilt als renommierter Fachmann rund um die Aufklärung zur neuen Mobilfunkstrahlung 5G. Dieses Interview entstand im Rahm...
4 hours ago
Doc Vega commented on Doc Vega's blog post America Under Asymmetrical Warfare
"Thank you Les!"
4 hours ago
Doc Vega commented on Doc Vega's blog post America Under Asymmetrical Warfare
"Thanks Mister Sizzle."
4 hours ago

© 2020   Created by truth.   Powered by

Badges  |  Report an Issue  |  Terms of Service

content and site copyright 12160.info 2007-2019 - all rights reserved. unless otherwise noted