Equifax website borked again, this time to redirect to fake Flash update
In May credit reporting service Equifax's website was breached by attackers who eventually made off with Social Security numbers, names, and a dizzying amount of other details for some 145.5 million US consumers. For several hours on Wednesday, and again early Thursday morning, the site was maliciously manipulated again, this time to deliver fraudulent Adobe Flash updates, which when clicked, infected visitors' computers with adware that was detected by only three of 65 antivirus providers.
Randy Abrams, an independent security analyst by day, happened to visit the site Wednesday evening to check what he said was false information he had just found on his credit report. Eventually, his browser opened up a page on the domain hxxp//:centerbluray.info that looked like this:
Randy Abrams
He was understandably incredulous. The site that previously gave up personal data for virtually every US person with a credit history was once again under the influence of attackers, this time trying to trick Equifax visitors into installing crapware Symantec calls Adware.Eorezo. Knowing a thing or two about drive-by campaigns, Abrams figured the chances were slim he'd see the download on follow-on visits. To fly under the radar, attackers frequently serve the downloads to only a select number of visitors, and then only once.
Abrams tried anyway, and to his amazement, he encountered the bogus Flash download links on at least three subsequent visits. The picture above this post is the higher-resolution screenshot he captured during one visit. He also provided the video below. It shows an Equifax page redirecting the browser to at least four domains before finally opening the Flash download at the same centerbluray.info page.
Equifax Flash Download
The file that got delivered when Abrams clicked through is called MediaDownloaderIron.exe. This VirusTotal entry shows only Panda, Symantec, and Webroot detecting the file as adware. This separate malware analysis from Payload Security shows the code is highly obfuscated and takes pains to conceal itself from reverse engineering. Malwarebytes flagged the centerbluray.info site as one that pushes malware, while both Eset and Avira provided similar malware warnings for one of the intermediate domains, newcyclevaults.com.
https://arstechnica.com/information-technology/2017/10/equifax-webs...
Comment
"Destroying the New World Order"
THANK YOU FOR SUPPORTING THE SITE!
Latest Activity
- Top News
- Everything
"Gordon thanks for your support."
What If origins on Our Planet are Different Than we Think?
For a long time now there has been a theory that would fit into both creationism and the simulated…See More
All Bases Erased, Air Defense Shattered ! Iranian Missiles Massacre U.S. FORCES | Douglas Macgregor
Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.
Same Package - Different Label
This way or that way, we get to the same place. It's time to take another road.
TRIVIA OF THE DAY Kier means “Penis” in Persian
"Nomen est omen. A political dick destroying his own country."
"Wow! The final progressive steps to the government run matrix. Now just fine tuning it. I…"
"That's a great poem it's a good time for writing being national poetry month in America…"
"All good points guys and perhaps in the future we'll see some new freak show of mRNA vax that…"
"SSRI's are poor substute for counciling soldiers back from war suffering from PTSD! "
© 2026 Created by truth.
Powered by
You need to be a member of 12160 Social Network to add comments!
Join 12160 Social Network