Drive-By Downloads Attack Adobe Zero-Day Flaw

Adobe released a security advisory www.mcafee.com/activate warning the users of a zero-day vulnerability www.mcafee.com/activate download in Adobe Flash Player Versions 10.2.152.33 and earlier. An exploit targeting this vulnerability was embedded inside Microsoft Excel documents and was used to deliver the malicious code www.mcafee.com/activate product key to the victims. McAfee Labs performed a detailed technical analysis of the exploit and  mcafee.com/activate product key learned that the Flash Player object embedded inside www.mcafee/activate the Excel document carried the malicious shellcode (shown below), which in turn loaded another Flash object to exploit the vulnerability via the classical heap-spray technique.
 
A couple of weeks ago we came across another variation in this attack via a drive-by download through a compromised mcafee.com/activate product key web server.

In a drive-by download www.mcafee.com/activate download, a user visits a legitimate www.mcafee/activate but infected web page and is redirected to a malicious server. Most of these infections are malicious iframes injected into a JavaScript exploit on the www.mcafee.com/activate compromised web server, resulting in the malware installing www.mcafee.com/activate product key itself onto the user’s machine. This is a common and widely known attack method.

A drive-by download usually goes like this:

This insertion will make the www.mcafee.com/activate product key browser request www.mcafee/activate the JavaScript exploit from the compromised server, which in turn  www.mcafee.com/activate contains the links to www.mcafee.com/activate download the malicious server mcafee.com/activate product key.

Key findings in the CIP report

  • Eighty percent of respondents have faced a www.mcafee/activate large-scale denial of service attack
  • Twenty-five percent of respondents have been victims of extortion attempts
  • More than 40 percent of www.mcafee.com/activate product key executives believe that www.mcafee/activate their industry’s vulnerability has increased
  • Almost 30 percent believe www.mcafee.com/activate download their company is not prepared for a cyberattack
  • More than 40 percent expect a major cyberattack within the next year
  • Energy sector mcafee.com/activate product key increased its adoption of  www.mcafee/activate security technologies by only a single percentage point, at 51 percent
  • Oil and gas industries increased www.mcafee.com/activate by only three percentage points, at 48 percent
  • Nearly 70 percent of respondents www.mcafee.com/activate download frequently found mcafee.com/activate product key malware www.mcafee/activate designed to sabotage their systems
  • A quarter of respondents www.mcafee.com/activate product key reported daily or weekly DDoS attacks

 

Looking into the content of the www.mcafee.com/activate JavaScript exploit, we see the embedded iframe source that  mcafee.com/activate product key redirects www.mcafee.com/activate download the browser to the malware-hosting web server, www.mcafee/activate from which the exploit www.mcafee.com/activate product key downloads the malicious Adobe Flash files.

Comments

Post a Comment

Popular posts from this blog

Introducing tracking prevention, now available in Microsoft Edge preview builds

Image
Today, we’re releasing an experimental preview of tracking prevention for Microsoft Edge. We features of build microsoft edge as one of the concepts we’re exploring www.mcafee.com/activate product key to offer greater transparency and control over your online data . Microsoft Edge Insiders can www.mcafee/activate now try out tracking mcafee.com/activate product key prevention by enabling the experimental flag on Microsoft Edge preview builds starting with version 77.0.203.0 (today’s Canary channel release).  (Note: Today’s Canary release www.mcafee.com/activate download is not currently www.mcafee.com/activate available for macOS due to a build issues. Tracking prevention will be available in the next update to the Canary channel on macOS.) Tracking prevention is designed to protect you from being tracked by websites that you aren’t accessing directly. Whenever a website is visited, trackers from other sites may save information in the browser ww...
Read more

Why businesses need to back up

Image
For almost any business, information is critical: documents, contacts, contracts, correspondence, accounts, and so on. Modern technologies help not only to manage business-critical data  www.mcafee.com/activate product key , but also to lose  www.mcafee/activate  it in the blink of an eye. For most companies, losing access to data means the suspension  www.mcafee.com/activate download  of all business processes  mcafee.com/activate product key , inevitably leading to lost profit, damage to reputation, and recovery costs. Rest assured, there is no shortage  www.mcafee.com/activate  of data loss scenarios out there waiting to happen — and almost none of them has anything to do with the quality of your equipment. Here are just a few. Ransomware An employee might click a malicious file downloaded from the Internet or an attachment in an e-mail sent by cybercriminals. Doing so doesn’t just encrypt data on the local machine; ransomware has a nasty habi...
Read more

Hackers and their motives

Image
It's  true that recent  www.mcafee.com/activate cyber attacks have ranged from the catastrophic effects of   that paralyze corporate mcafee.com/activate product key and urban functions www.mcafee.com/activate product key to  data www.mcafee/activate breaches that expose millions www.mcafee.com/activate download of customers. , I don't hear much about hackers themselves.  Not surprisingly, many  www.mcafee.com/activate hackers hide their identities because of their criminal activity www.mcafee.com/activate download.  But you might be surprised to find that not  www.mcafee/activate all hackers are bad.  There are all kinds of hackers in the www.mcafee.com/activate product key rapidly evolving field of technology.   The hacker's actions and their purpose are shown below.   White Hat Hacker: A   justice hacker and computer security expert who specializes in penetration testing and other technique...
Read more