Online news exploit, or being exploited?
By Trend Micro Inc April 12, 2013
- In Trend Micro survey, 44% respondents had no qualms sharing emails and contact numbers with news portals
- Malaysians are increasingly going online for their news fix, but seem lackadaisical about cyber-safety
ON a daily basis, many people spend most of their time doing one of three things on the Internet – reading emails, reading the news online while surfing the Internet, and keeping up with friends and family via social networks.
In February, there were reports on the Los Angeles Times scrubbing its website of malicious code that served browser exploits and malware to potentially hundreds of thousands of readers over the previous six weeks. It’s not clear how many readers may have been impacted by the attack, which appears to have been limited to the Offers and Deals page of the LA Times website.
Site metrics firm Alexa says this portion of the newspaper’s site receives about 0.12% of the site’s overall traffic, which according to the publication are about 18 million unique visitors per month. Assuming the site was compromised from December 23, 2012 through the second week in February 2013, some 324,000 Los Angeles Times readers were likely exposed to the attack.
In fact, the Los Angeles Times incident is unfortunately all too common. Most of the time, these websites that detected malicious content are innocent, legitimate sites that have been hacked.
What took place was that once attackers have figured out a way to inject content into a website, the rest of the intrusion follows a familiar script whereby the attackers add malicious code. When unsuspecting users visit the legitimate site, their browsers also automatically pull down the exploit kit code from the unauthorized server which is usually termed a ‘Blackhole.’
According to Trend Micro in a GMA News report, the new kit, dubbed Whitehole Exploit Kit, uses a similar code as a Blackhole, but does not bother to hide itself. Other notable features of this new toolkit include the ability to evade antimalware detections, prevent Google Safe Browsing from blocking it, and the ability to load a maximum of 20 files at once.
An analysis of the sample exploit malware detected as a Trojan, exploits vulnerabilities to download malicious files on a victim's computer. It then downloads a malware, noting the Whitehole that downloads other malware, and pushes fake applications.
This specific Trojan variant connects to certain websites to send and receive information as well as terminates certain processes. It also downloads additional malicious files onto already infected systems, whilst ransomware typically locks systems until users pay money via specific payment modes.
Online news consumption in Malaysia
In Malaysia, we have seen online news consumption on the rise, with many now getting news on their mobile phones, tablets, laptops and other platforms.
According to a recent study conducted by Trend Micro with its Malaysian Facebook fans that polled more than a thousand people, 70% of the respondents said they get their news via online sites and portals. Apart from news sites, over 90% users also received their local news from Facebook, Twitter, blog sites, forums and other networking sites.
About 50% of the respondents are also comfortable with sharing their login IDs and passwords with others to access online portals that require membership. Furthermore, 50% of respondents do click on appealing promotions and advertisements pop-ups while surfing the Internet; 22% do it for fun or because they’re curious; and the remaining 28% either ignore or disable pop-ups.
As much as 44% of the respondents said they have no qualms sharing their information such as emails and contact numbers with these news portals. Interestingly, about 25% of the respondents said they encountered scenarios of security breaches where their personal information ended up in other online portals that they don’t access.
In such cases, 65% said they would lodge a report with the administrator, 10% said they would lodge a police report and 25% don’t see a need for any action.
Need for smarter, safer digital social culture
The survey findings were not entirely new or surprising. Millions of people are getting their news online or interacting and socializing on websites, creating a large pool of potential victims that attracts cybercriminals.
Click-jacking, fake applications, malvertising and social engineering are just some of the tactics used in order to deliver malware.
To be secured, one needs more than the standard antivirus and spyware protection. Ensure your solution offers protection on WiFi hotspots, antispam blocking, and search engine result ratings that will help consumer to decide if a website is safe to visit.