heads up on a stenographic ad attack

Talk about internet security, computer security, personal security, your social security number...
Post Reply
Senior Member
Posts: 120
Joined: Tue Nov 26, 2013 9:44 pm

heads up on a stenographic ad attack

Post by morganism » Sat Dec 10, 2016 12:32 am

"Millions of readers who visited popular news websites have been targeted by a series of malicious ads redirecting to an exploit kit exploiting several Flash vulnerabilities."

"Using the known Internet Explorer vulnerability CVE-2016-0162, the encoded script attempts to verify that it is not being run in a monitored environment such as a malware analyst’s machine.

”If the script does not detect any signs of monitoring, it redirects to the Stegano exploit kit’s landing page, via the TinyURL service. The landing page loads a Flash file that is able to exploit three different vulnerabilities (CVE-2015-8651, CVE-2016-1019, CVE-2016-4117), depending on the version of Flash found on the victim’s system."


checks for IE and old Java installs
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20130410 Firefox/23.0

User avatar
Senior Member
Posts: 3106
Joined: Mon Jan 16, 2012 3:46 am
Location: Australia

Re: heads up on a stenographic ad attack

Post by Thrawn » Sun Dec 11, 2016 9:48 pm

Basically the only novel aspect of this is the concealment of the payload using steganography. The threat vector - scripts from a domain that cannot be trusted - is unchanged.

From the perspective of a research lab trying to study the attack, it's important, but from the perspective of an end-user trying to defend against it, it's the same as any other malvertising.

(In fact, it's theoretically slightly easier to block, because blocking scripts or images will stop this one. I actually do sometimes allow scripts while blocking images, on my mobile.)
Religion is not the opium of the masses. Daily life is the opium of the masses.

True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0

Post Reply