Salted Hash — IT security news

About this Blog:

IT security news analysis, over easy!

Bill Brenner

OpenX hack: Beware of Personal Shield Pro

I just got a message from the folks at GMO Cloud and Armorize about a new attack they're monitoring. Here are the raw details as I received them:

As the result of a joint effort between GMO Cloud and Armorize, Wayne Huang and GMO Cloud spokesperson Emiko Okamoto are releasing the attached blog post detailing a newly identified anti-virus attack. This ransomware is known as Personal Shield Pro.

Additional details:

--Impact: Visitors to infected websites are infected permanently with the fake antivirus ransomware "Personal Shield Pro."

--Cause: Vulnerability inside a plugin package offered on the official OpenX website openx.org.

--Exploit pack: The g01pack exploit pack.

--Attack group: Internally we dub it the "dyndns" group, who was responsible for multiple Clicksor incidents that we reported in May, as well as other types of Web malware injection incidents tracing much further back.

--For further information, please see this video: http://www.youtube.com/watch?v=MeyCTBlI81w&feature=player_embedded

--There are a number of US sites and international sites infected but the total magnitude is unknown.

I'm told their blog post will appear sometime this afternoon, complete with screen captures and other graphics.

--Bill Brenner