Jump to content

Popular Website caught spreading crypto ransomware


Recommended Posts

Certified Ethical Hacker website caught spreading crypto ransomware


- Quote

For the past four days, including during the hour that this post was being prepared on Thursday morning, a major security certification organization has been spreading TeslaCrypt malware—despite repeated warnings from outside researchers.

EC-Council, the Albuquerque, New Mexico-based professional organization that administers the Certified Ethical Hacker program, started spreading the scourge on Monday. Shortly afterward, researchers from security firm Fox IT notified EC-Council officials that one of their subdomains—which just happens to provide online training for computer security students—had come under the spell of Angler, a toolkit sold online that provides powerful Web drive-by exploits. On Thursday, after receiving no reply and still detecting that the site was infected, Fox IT published this blog post, apparently under the reasonable belief that when attempts to privately inform the company fail, it's reasonable to go public.

Like so many drive-by attack campaigns, the one hitting the EC-Council is designed to be vexingly hard for researchers to replicate. It targets only visitors using Internet Explorer and then only when they come to the site from Google, Bing, or another search engine. Even when these conditions are met, people from certain IP addresses—say those in certain geographic locales—are also spared. The EC-Council pages of those who aren't spared then receive embedded code that redirects the browser to a chain of malicious domains that host the Angler exploits.

- Unquote

read on in http://arstechnica.com/security/2016/03/certified-ethical-hacker-website-caught-spreading-crypto-ransomware/?utm_content=bufferd8cc1&utm_medium=social&utm_source=facebook.com&utm_campaign=buffer


Link to post
Share on other sites

Any site can be compromised if there are exploitable software vulnerabilities, has personnel with poor security, personnel who use weak passwords or through Phishing.

Compromised sites can be used and a landing page for malicious and/or nefarious activity.

The ONLY thing worthy in that post is the quote - " ...despite repeated warnings from outside researchers."

The lesson is site owners must patch exploitable software vulnerabilities,educate personnel on proper security techniques, have personnel only use strong passwords and teach personnel about Phishing.  We call this Security Awareness Training.

Most of all, site owners much take immediate action if/when they are cognizant or have been notified of a compromise.


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.