Quick Heal Detects ‘Cerber Ransomware’ delivered from an Indian Bank’s website


Quick Heal Technologies Limited has detected that the Cosmos Bank website was compromised with the infamous RIG exploit kit, which was delivering ‘Cerber Ransomware’. The RIG Exploit Kit has been dropping the ‘Cerber Ransomware’ very frequently of late. Quick Heal learnt about the infection on the Cosmos Bank website while analyzing the telemetry information collected from its own users. After reproducing the threat in its own Threat Research Lab on 20th March, 2017, Quick Heal discovered that the Cosmos Bank website was compromised by the RIG Exploit Kit and used as a carrier of the ‘Cerber Ransomware’. Quick Heal informed Cosmos Bank about this incident on 20th March, 2017 and also shared the advisory with Cosmos Bank. It must be noted that Cosmos Bank is not the creator of the ransomware but a victim.

Quick Heal has been constantly monitoring the website since 20th of March, 2017 and according to the latest findings (as we share this information), the Cosmos Bank website is still infected.

Websites have become easy targets for malware writers to spread malware, and it is not uncommon for a website to be compromised by more than one type of malware. Exploit kits, which have surfaced during the past 10 years, are more intelligently designed software kits that run on the user’s/victim’s machine, gather information from the victim’s machine, find a vulnerability, determine the appropriate exploit and deliver it to the machine, usually by drive-by download, and start executing the malware.
