Tuesday, November 3, 2009

The threat of "Visual" Social Engineering


The upswing in the use of bogus codec/Flash Player/video pages has been a major factor in boosting the efficiency and infection rates of malware campaigns. The use of these visual pop-ups mimicking legitimate software updates is what I am referring to as Visual Social Engineering; this same tactic is the single most effective method behind many drive-by download infections, chiefly fake AV software.
Cyber criminals have successfully managed to monetize visual social engineering, and given its success there is no end in sight.

The latest attempt to continue monetizing the scheme comes with the release of a social engineering driven web malware exploitation kit that has surfaced on a few cybercrime-related marketplaces. The main exploit modules in the kit take the form of "Missing Flash Player", "Outdated Flash Player", "Missing Codec", and "Codec Required" modules.

These modules represent the most dominant attack vectors for self-infection malware due to the users' gullibility, and the mere quality of the actual spoof.

In one instance that I analyzed, upon clicking the video pictured the end user was redirected to 67.228.143.62 (Email: fullhdvid@gmail.com) and then to world-news-scandels .com, where the codec was served from execfreefiles .com.
Multiple other fake codec domains are parked on the same IPs:

216.240.143.7
sunny-tube-world. com
onlysteeltube. com
fllcorp .com
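The chain above (video page, redirect through a bare IP, then a "codec" executable from a third host) is the pattern a proxy-log check can flag. The following is an added example, not code from the post: it runs over a constructed log in which the hosts are the ones named in the post but the client addresses, paths and timestamps are made up.

```python
import re
from datetime import datetime
from urllib.parse import urlparse

# Constructed proxy log (time, client IP, HTTP status, URL); not taken from the post.
SAMPLE_LOG = """\
10:01:02 10.0.0.5 200 http://video-site.example/watch?v=1
10:01:03 10.0.0.5 302 http://67.228.143.62/go
10:01:04 10.0.0.5 302 http://world-news-scandels.com/player
10:01:05 10.0.0.5 200 http://execfreefiles.com/flash_player_update.exe
10:02:10 10.0.0.9 200 http://news.example/story.html
10:02:11 10.0.0.9 200 http://static.example/update.exe
"""

BARE_IP = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
LURE_NAME = re.compile(r"codec|flash|player|update|install", re.I)
DROPPER_EXT = (".exe", ".msi", ".scr")
WINDOW_SECONDS = 60  # how far back to look for the redirector hop


def parse_line(line):
    ts, client, status, url = line.split(maxsplit=3)
    parsed = urlparse(url)
    return {"ts": datetime.strptime(ts, "%H:%M:%S"), "client": client,
            "status": int(status), "host": parsed.netloc.lower(),
            "file": parsed.path.rsplit("/", 1)[-1].lower()}


def find_lure_chains(log_text):
    """Flag clients that fetch a codec/flash-named executable shortly after
    being redirected (301/302) through a host that is a bare IP address."""
    per_client = {}
    for line in log_text.strip().splitlines():
        rec = parse_line(line)
        per_client.setdefault(rec["client"], []).append(rec)
    findings = []
    for client, recs in per_client.items():
        recs.sort(key=lambda r: r["ts"])
        for i, rec in enumerate(recs):
            if not (rec["file"].endswith(DROPPER_EXT) and LURE_NAME.search(rec["file"])):
                continue
            recent = [r for r in recs[:i]
                      if (rec["ts"] - r["ts"]).total_seconds() <= WINDOW_SECONDS]
            ip_hops = [r["host"] for r in recent
                       if BARE_IP.match(r["host"]) and r["status"] in (301, 302)]
            if ip_hops:  # a plain .exe download with no IP redirector is not flagged
                findings.append({"client": client, "ip_redirector": ip_hops[0],
                                 "dropper_host": rec["host"], "file": rec["file"],
                                 "hosts": [r["host"] for r in recent] + [rec["host"]]})
    return findings
```

The second client downloads an update.exe too, but without the bare-IP redirect hop it is left alone, which keeps the check from firing on ordinary software updates.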

In conclusion, thanks for reading my first blog post. Research will continue, and the final word is: verify before you click...

1 comment:

  1. Amazing read Munya, I must admit that now I'm afraid to click on any "ok" button. More importantly, I'm overwhelmed by dominant attack vectors due to my altruistic trust and gullibility. Are there any classes I can take or information/support groups?
