Fourth of July Malware Campaign Targets Vacationers
Cybercriminals Launch Carefully Timed Malware Campaign to Coincide With Major US Travel Holiday
SUNNYVALE, CA — (Marketwired) — 07/04/14 — Researchers from Proofpoint, Inc. (NASDAQ: PFPT), a leading security-as-a-service provider, have discovered a nasty piece of malware which is targeting vacationers who visit US travel sites, just in time for the July 4th holiday.
The discovery shows that popular travel destination websites for cities including Boston, Salt Lake City, Houston, Monterey, Rochester, Myrtle Beach, Victoria and Utah Valley have been compromised and are serving malware to unsuspecting visitors. Proofpoint can also confirm that the command-and-control infrastructure of the cybercriminals behind the attacks appears to be based entirely in Ukraine.
In response to the discovery, Mike Horn, VP, Threat Response Products at Proofpoint, said: “This is a good example of how poorly protected websites play a big role in the distribution of malware. Users might be directed to these sites by a search engine and they have no idea that just by visiting the site they can become infected. We are also seeing a large number of phishing campaigns which direct people to the legitimate travel sites which have been infected with malware by the hackers. The attacks were brought to our attention by our Targeted Attack Protection technology.”
When users visit one of the infected websites, a web exploit kit runs and then downloads additional malware onto their machine. More concerning is the fact that the exploit being used has very low detection rates with traditional antivirus solutions. When Proofpoint tested the malware, it found that the sample was able to bypass all but four of the 51 antivirus products on VirusTotal. This makes it a particularly dangerous exploit for consumers.