Thousands of hacked websites are infecting visitors with malware

The unusually advanced campaign infects people who visit a variety of poorly secured sites.

DAN GOODIN – 4/11/2018

Thousands of hacked websites have become unwitting participants in an advanced scheme that uses fake update notifications to install banking malware and remote access trojans on visitors' computers, a computer researcher said Tuesday.

The campaign, which has been running for at least four months, is able to compromise websites running a variety of content management systems, including WordPress, Joomla and SquareSpace. That's according to a blog post by Jérôme Segura, lead malware intelligence analyst at Malwarebytes. The hackers, he wrote, cause the sites to display authentic-looking messages to a limited number of visitors that, depending on the browsers they are using, instruct them to install updates for Firefox, Chrome or Flash.

To evade detection, the attackers fingerprint potential targets to ensure, among other things, that the fake update notifications are served to a single IP address no more than once. Another testament to the attackers' resourcefulness: the update templates are hosted on hacked websites, while the carefully selected targets who fall for the scam download a malicious JavaScript file from DropBox. The JavaScript further checks potential marks for virtual machines and sandboxes before delivering its final payload. The resulting executable file is signed by a digital certificate trusted by the operating system, which further gives the fake notifications the appearance of legitimacy.

“This campaign relies on a delivery mechanism that leverages social engineering and abuses a legitimate file hosting service,” Segura wrote. “The ‘bait’ file consists of a script rather than a malicious executable, giving the attackers the flexibility to develop interesting obfuscation and fingerprinting techniques.”
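Because the lure is a script delivered from a file-hosting service rather than an executable from a browser vendor, the download itself is something a defender can look for in web proxy logs. The following is an added example, not code from the article or from Malwarebytes; the log layout, the list of script extensions (which goes beyond the `.js` case described above) and the file-name keywords are assumptions, and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumptions (not from the article): the log layout, extension list and
# file-name keywords are illustrative choices for this added example.
FILE_HOSTS = ("dropbox.com", "dropboxusercontent.com")
SCRIPT_EXTS = (".js", ".jse", ".vbs", ".wsf", ".hta")
BRAND = re.compile(r"firefox|chrome|flash", re.I)
UPDATE = re.compile(r"update|upgrade|install", re.I)

# Constructed sample: "<time> <client> <method> <url> <referrer or ->"
SAMPLE_LOG = """\
2018-04-10T09:14:02Z 10.0.0.21 GET https://blog.example.org/2018/03/post/ -
2018-04-10T09:14:31Z 10.0.0.21 GET https://www.dropbox.com/s/EXAMPLEID/Firefox.Update.js?dl=1 https://blog.example.org/2018/03/post/
2018-04-10T09:20:10Z 10.0.0.35 GET https://www.dropbox.com/s/EXAMPLEID/quarterly-report.pdf?dl=1 https://www.dropbox.com/home
2018-04-10T09:25:44Z 10.0.0.35 GET https://cdn.example.net/static/app.js https://shop.example.net/
2018-04-10T09:31:07Z 10.0.0.48 GET https://dl.dropboxusercontent.com/s/EXAMPLEID/build-helper.js https://www.dropbox.com/home
malformed line
"""


def on_host(host, suffixes):
    """True if host equals a suffix or is a subdomain of it (no substring matches)."""
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)


def parse_line(line):
    """Split one log line into a dict, or return None if it is malformed."""
    parts = line.split()
    keys = ("time", "client", "method", "url", "referrer")
    return dict(zip(keys, parts)) if len(parts) == 5 else None


def classify(event):
    """Return (severity, reasons) for a script fetched from a file host, else None."""
    url = urlsplit(event["url"])
    name = unquote(url.path.rsplit("/", 1)[-1])
    if not on_host(url.hostname, FILE_HOSTS) or not name.lower().endswith(SCRIPT_EXTS):
        return None
    reasons = ["script file served from a file-hosting service"]
    if BRAND.search(name) and UPDATE.search(name):
        reasons.append("file name imitates a browser or Flash update")
    ref = event["referrer"]
    if ref != "-" and not on_host(urlsplit(ref).hostname, FILE_HOSTS):
        reasons.append("download started from a third-party page")
    return ("high" if len(reasons) > 1 else "medium", reasons)


def detect(log_text):
    """Return one finding per parsable log line that classify() flags."""
    findings = []
    for line in log_text.splitlines():
        event = parse_line(line)
        verdict = classify(event) if event else None
        if verdict:
            findings.append({"client": event["client"], "url": event["url"],
                             "severity": verdict[0], "reasons": verdict[1]})
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_LOG):
        print(f["severity"], f["client"], f["url"], "; ".join(f["reasons"]))
```

Since the fake notification is shown to a given IP address only once, revisiting the site rarely reproduces it, which is why the check works from logs already collected.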

Flying under the radar

The attackers also fly under the radar by using highly obfuscated JavaScript. Among the malicious programs installed in the campaign were the Chthonic banking malware and a trojanized version of the commercial remote access application from NetSupport.

Malwarebytes was unable to determine precisely how many sites have been compromised. Using a simple crawler script, the researchers identified several hundred compromised WordPress and Joomla sites, which led them to estimate that there were thousands of such infections. This query on the source-code search engine PublicWWW revealed a little over 900 infected SquareSpace sites earlier Tuesday. At the time this post was published, the number had dropped to 774. This post from independent security researcher BroadAnalysis shows that the campaign began no later than December 20. The sites were hacked because the operators did not install available security updates or possibly did not follow other basic security measures, Segura said.

Other posts on the Internet show the campaign in action as well. This Twitter thread from last month documents two compromised SquareSpace sites. A February 28 post on a SquareSpace support forum reports another compromise, with another site developer experiencing the same thing almost two weeks later.

Campaigns that use compromised websites to attack visitors have become increasingly common over the past decade. Typically, they are used in tech support scams that try to trick people into paying to fix nonexistent computer problems. More recently, compromised websites have been used to install ransomware or malware that surreptitiously mines cryptocurrency. The ability of this fake update scam to remain hidden for at least four months, along with its adoption of banking malware and backdoor trojans, makes it stand out.

“The cloaking used in this campaign is what caught our attention because it sets it apart from other infection chains that are much less sophisticated and easier to identify and block,” Segura told Ars. “Another interesting aspect is the fact that these fake updates are normally distributed via malvertising, which is usually cheaper. Recently, one of the most popular payloads from compromised sites was tech support scams via browser lockers. trend toward much more serious malware, such as stealers and remote administration tools in this case.”

Source: https://arstechnica.com/information-technology/2018/04/nasty-malware-campaign-using-thousands-of-hacked-sites-hid-for-months/
