Computers that secure 360 ​​Total Security software are attacked

Malwarebytes writes on his blog that he has just identified a new set of exploits that are hosted on Malaysian and Singapore servers, and that victims of malware fall into users who, due to a malicious iframe , are redirected to a dangerous site containing a database Exploit Kit.

The Exploit Kit consists of ready-made exploit sets and a database in which statistics from computer infections are saved. Exploit Kit automates the exploitation of client-side vulnerabilities by forcing the browser to transparently download (drive-by download) malicious backdoors, spyware, Trojans or other malicious software. Exploit Kits most often fall popular programs such as browsers, programs from Adobe, Oracle and Microsoft. The key feature of Exploit Kits is their ease of use, which can be used by people who do not have specialist knowledge of programming and security. The attacker does not even need to know how to create an exploit, all you need is a shared and user-friendly graphical interface that helps you track your campaigns.

The victim who visits the infected website will cause an attack on the host system, but only if the attacked computer will protect the antivirus software from Qihoo - 360 Total Security or 360 Total Security Essentials.

Hosted on Malaysian and Singapore servers, the exploit kit automatically initiates a drive-by download attack on computers with outdated software - mainly Internet Explorer (CVE-2014-6332) is exploited, but also Java (CVE-2011-3544 and CVE-2012-4681) and Flash (CVE-2014-1776?).

After a successful attack, the malicious payload downloads the malware to the host system using HTTP or FTP - depending on the detected vulnerability.

However, if the 360 ​​Total Security or 360 Total Security Essentials antivirus is identified on the victim's computer, the exploit kit will not trigger the malicious payload.

The choice of attacked systems was not a coincidence. Windows XP is great, especially in Asian countries and in China, where some studies estimate ( Zhongguancun Online ) that the vast majority of Chinese PC users (70%) still use Windows XP and Internet Explorer.

Learn more about our offer

If you sell security solutions, are a distributor, authorized partner or developer and would like to share your portfolio with a group of potential customers, advertise an event, software, hardware or other services on AVLab - simply write to us. Or maybe you had to deal with ransomware? We can also help you decrypt your files.
Read more

We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.