Week in review 26 September 2014
It was a quiet week this week, at least until we hit Monday. There was some disquiet over eBay listings that led users to sites aimed at stealing their credentials. There was considerably more disquiet over eBay’s reaction to the issue. Malvertising hit the front page briefly, before being knocked off by jQuery. Finally, Kaspersky released their August report, in which Australia came out a winner (sort of).
The new iPhone came out last week, which caused a rise in eBay listings for older iPhones. It also caused a rise in bogus listings, as scammers created active listings, inserted malicious code, and waited for shoppers to fall for the trap. Unfortunately a few shoppers did fall for the trap, leading to compromised eBay accounts. Whilst the initial concern was the code was able to be used in active listings, of more concern was eBay’s seeming lax attitude to fixing the issue. Several security bloggers and technical journalists expressed concern that the flaw was left open.
Even at the time of writing, the exploit was still available. Malvertising is a new form of malware distribution. The technique is to use advertising pop-ups that contain malicious code that divert the user to other sites that serve up malware. A new malicious type of malvertising network (dubbed the Kyle and Stan network) cropped up recently. This network was reported this week by Cisco to be nine times larger than first thought.
The Kyle and Stan network has been able to insert ads on websites such as Amazon, making it a dangerous form of malvertising. jQuery.com was compromised this week; initial reports suggested that it was sending out drive-by malware. Fortunately this turned out to be false; in fact, no malware was installed on the site. The only impact was defacement of the site. Given the widespread use of the jQuery site by IT system administrators, it was fortunate that the attack was limited to defacement. Finally, Australia led the way in being the target of phishing attacks. This was one of the findings from the monthly report released by Kaspersky on spam. Other areas indicated that spam is still highly prevalent, constituting 67.2% of all email traffic. Phishing was up by 62% in August, and Google is the number one organisation target for phishing attacks.
As noted in our article on the report, the statistics are based on data obtained from Kaspersky products.