Blue Coat identifies New Fake Anti-Virus Attack
Blue Coat Systems has announced that Blue Coat Security Labs has identified a new variant of a fake anti-virus attack that uses web advertisements to relay users into the Shnakule network. The Blue Coat WebPulse service identified the fake anti-virus payloads as malware and automatically blocked them, protecting 75 million customers worldwide.
The latest Shnakule attack is a three-staged attack that utilizes Web advertisements. In the first stage, ad servers were set up as independent entities, not directly associated with each other or any existing Shnakule sub-networks, to route users to malware. In the second stage, a new Shnakule subnetwork relays users to the malware. The final stage is the malware payload, which changes frequently in an attempt to avoid detection from anti-virus software. The malware payload comes from servers that have already been identified by WebPulse as part of the Shnakule Malware Delivery Network. Because of its visibility into the Shnakule network, the Blue Coat WebPulse service was already blocking the malware payload before the attack was launched.
"Though this attack was initially launched in late June, it is still continuing, and in a recent check of the payload by Blue Coat Security Labs against 43 anti-virus engines only two of those engines identified the payload as malicious or suspicious. Web-based malware changes far too quickly these days for traditional single-layer defences like anti-virus to keep pace. The most successful defence against this type of attack is one like WebPulse that can correlate the evidence and automatically identify and block the network responsible, regardless of how the payload is encrypted," said Chris Larsen, Senior Malware Researcher, Blue Coat Systems.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.