Windows 10 users targeted in new social engineering attack

Posted 09 March 2017 17:40 CEST by Jan Willem Aldershoff

Cybercriminals who previously exploited vulnerabilities in Adobe Flash Player, Java and Internet Explorer to infect users with malware now use social engineering to distribute ransomware. The developers of the Magnitude exploit kit, which previously abused vulnerabilities in Internet Explorer and Flash, now use new tricks to infect their victims with malware.

Exploiting vulnerabilities in popular software required hardly any user interaction. The new tricks, which must convince users to install the malware themselves, are a form of social engineering and require more sophistication. Because few new exploits for popular software are available, the developers of exploit kits have resorted to such methods.

The method used by the developer of the Magnitude exploit kit is based on showing malicious advertisements to Windows 10 users with Internet Explorer. When they click the malicious ad, they are directed to a page that shows a (fake) warning that Windows Defender can’t be updated. The warning tells users to download an update to solve the issue. The update is a .lnk file that installs the Cerber ransomware on the computer, which in turn starts to encrypt files on the computer and demands a ransom for decryption. Currently, users in Asia in particular are targeted.

“While the social engineering scheme outlined here lacks the refinement of others we have observed in email distribution, the addition of a social engineering attack chain to a major exploit kit is noteworthy,” according to a researcher at security company Proofpoint.

The use of social engineering means that finding vulnerabilities in software now has lower priority, because through social engineering users infect their own computers themselves and circumvent all kinds of security measures in the browser and Windows.


