
Popular Website caught spreading crypto ransomware


sman


Certified Ethical Hacker website caught spreading crypto ransomware


- Quote

For the past four days, including during the hour that this post was being prepared on Thursday morning, a major security certification organization has been spreading TeslaCrypt malware—despite repeated warnings from outside researchers.

EC-Council, the Albuquerque, New Mexico-based professional organization that administers the Certified Ethical Hacker program, started spreading the scourge on Monday. Shortly afterward, researchers from security firm Fox IT notified EC-Council officials that one of their subdomains—which just happens to provide online training for computer security students—had come under the spell of Angler, a toolkit sold online that provides powerful Web drive-by exploits. On Thursday, after receiving no reply and still detecting that the site was infected, Fox IT published this blog post, apparently under the reasonable belief that when attempts to privately inform the company fail, it's reasonable to go public.

Like so many drive-by attack campaigns, the one hitting the EC-Council is designed to be vexingly hard for researchers to replicate. It targets only visitors using Internet Explorer and then only when they come to the site from Google, Bing, or another search engine. Even when these conditions are met, people from certain IP addresses—say those in certain geographic locales—are also spared. The EC-Council pages of those who aren't spared then receive embedded code that redirects the browser to a chain of malicious domains that host the Angler exploits.

- Unquote

read on in http://arstechnica.com/security/2016/03/certified-ethical-hacker-website-caught-spreading-crypto-ransomware/?utm_content=bufferd8cc1&utm_medium=social&utm_source=facebook.com&utm_campaign=buffer

 

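The quoted article says the injected redirect is only served to Internet Explorer visitors arriving from a search engine. The following is an added example, not part of the original post or the Fox IT write-up, of a defender-side check that requests the same page under several request profiles and reports external script/iframe hosts that appear only for some of them. The profile names, `constructed_fetch` and the `.example`/`.invalid` hosts are constructed for illustration.

```python
import re
import urllib.request
from urllib.parse import urlparse

IE_UA = "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko"
# Request profiles mirroring the conditions named in the article (browser + referrer).
PROFILES = {
    "baseline": {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64) Firefox/45.0", "Referer": ""},
    "ie_direct": {"User-Agent": IE_UA, "Referer": ""},
    "ie_from_search": {"User-Agent": IE_UA, "Referer": "https://www.google.com/search?q=training"},
}
SRC_RE = re.compile(r'<(?:script|iframe)\b[^>]*\bsrc=["\']([^"\']+)', re.I)

def external_hosts(html, own_host):
    """Hosts referenced by script/iframe src attributes that are not the site itself."""
    hosts = set()
    for src in SRC_RE.findall(html):
        host = urlparse(src).hostname          # None for relative paths
        if host and host != own_host and not host.endswith("." + own_host):
            hosts.add(host)
    return hosts

def find_cloaked_hosts(fetch, url, profiles=PROFILES):
    """Return {profile: hosts seen only under that profile, never in the baseline}."""
    own_host = urlparse(url).hostname
    seen = {name: external_hosts(fetch(url, hdrs), own_host) for name, hdrs in profiles.items()}
    baseline = seen["baseline"]
    return {name: hosts - baseline for name, hosts in seen.items() if hosts - baseline}

def http_fetch(url, headers):
    """Live fetcher for your own site; empty header values are omitted."""
    req = urllib.request.Request(url, headers={k: v for k, v in headers.items() if v})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8", errors="replace")

def constructed_fetch(url, headers):
    """Constructed offline stand-in for a compromised page, so the example runs without network."""
    page = '<html><script src="/js/app.js"></script><script src="https://cdn.example/lib.js"></script>'
    if "Trident" in headers.get("User-Agent", "") and "google." in headers.get("Referer", ""):
        page += '<iframe src="http://redirector.invalid/gate"></iframe>'
    return page + "</html>"

if __name__ == "__main__":
    for profile, hosts in find_cloaked_hosts(constructed_fetch, "https://training.example/").items():
        print(f"only under {profile}: {sorted(hosts)}")
```

Because the article also says visitors from certain IP addresses are spared, a clean result from a single network location does not show the page is clean; run the check from more than one vantage point.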

Any site can be compromised if it has exploitable software vulnerabilities, personnel with poor security or personnel who use weak passwords, or through Phishing.

Compromised sites can be used as a landing page for malicious and/or nefarious activity.

The ONLY thing worthy in that post is the quote - "...despite repeated warnings from outside researchers."

The lesson is site owners must patch exploitable software vulnerabilities, educate personnel on proper security techniques, have personnel only use strong passwords and teach personnel about Phishing. We call this Security Awareness Training.

Most of all, site owners must take immediate action if/when they are cognizant or have been notified of a compromise.

 

