Some news from last week that we just noticed… From around June 14th through the 20th, attackers apparently compromised Government Security News (GSN), one of our favorite go-to sites to skim for government-related information security goings-on. The problem was first reported by Google Chrome’s “Warning: Visiting this site may harm your computer” message; researchers from Zscaler noted that GSN’s advertising channels were littered with injected code from googlecodehosting(.)com/org/net and openxadvertising(.)com, which all resolved to 220.127.116.11.
Users who clicked on malicious ads were asked to download a JAR file from compromised WordPress sites. Using two recent Java vulnerabilities, the files would attempt to install the Zero Access Trojan on the user’s computer. The malvertising attack also affected 60+ other sites, including a local DC radio station. Because the attack techniques are similar, security pros are speculating that the same individuals responsible for last month’s compromise of WTOP and FedNewsRadio also took part in this attack.
On Monday, Government Security News’ (GSN) Editor-in-Chief Jacob Goodwin told readers that the site had been the victim of a cyberattack, which was targeting visitors to the site with malware. As it turns out, more than 60 other sites were victimized by the same attack.
The GSN attack was initially noticed due to a warning issued by Google’s Chrome after someone attempted to view the site. Chrome, assuming Google is aware of the issue at the time, will flag domains that are confirmed to have malicious content on them.
In addition to GSN, Monday’s malware campaign targeted other media organizations, including a D.C. area radio station, by hijacking the advertising channel. The domains were not compromised, but the ad network itself was used to deliver the redirect code and malicious payload – a classic malvertising attack.
Today’s post pic is from ThreatPost.com. See ya!