Monday, February 29, 2016

Chinese IPSs inject malware on the web

Soon we could not navigate calmly on the web because more and more webs are being infected with malware. What we didn't expect was the Chinese ISPs were also injecting odd things on the webs. We'll expand this information and keep talking about this matter because the Angler kit is still infecting high traffic webs with ransomware  and other ransomware, CTB Locker, has launched a new version specialized in attacking WordPress sites. The situation is starting to be desperate and the last thing we need is the antivirus don't working well.

Three Israeli researchers have discovered at least two important Chinese ISPs which inject ads and malware in its network traffic, without being necessary of their clients. They redirects to whom they want to websites with links which will infect or show ads which aren't in the original site. We hope this example doesn't spread to other ISPs of the world.

Angler keeps infecting websites 

Who are following this example are the criminals behind the Angler exploit kit, which keeps assaulting irretrievably all the websites it can, specially if it have great traffic amounts. Now it's the time of, a site to sell software for Microsoft Office, with almost a million visitors in January. If among these visitors someone used Internet Explorer, they have been infected with ransomware.

CTB-Locker goes to web

Talking about ransomware, the famous CTB-Locker has launched a new version, focused on attacking websites, not their visitors but the sites, encrypting their files and asking for a 0,4 Bitcoins rescue. Thousands WordPress sites have been infected, opening a new field for the ransomware crime.

Fake positive

To culminate this post, dedicated to malware on the network, we talk about today's incident, which left  the readers of different journals without reading them, among them Spanish journals like "El País" and "El Mundo", because the antivirus ESET NOD32 blocked the access, because of the existence of a trojan in their pages. Finally it has been warned it was a fake positive, which  has worried the users during hours. And that's normal, because today all of us know we must be prepared to navigate in the network wearing and armour and very carefully.

We wish our readers a good week beginning today, in the start of the RSA Conference of San Francisco until March 3th.


Post a Comment