Businesses that allow the Ask.com toolbar in their environments might want to rethink that after endpoints equipped with the browser add-on were compromised last November and then again the very next month using pretty much the same attack methods.
In both cases attackers managed to infiltrate the Ask.com updater infrastructure to the point that they used legitimate Ask signing certificates to authenticate malware that was masquerading as software updates.
Leave a reply
