There's a rather large malvertising-driven attack running at the moment that's attempting to trick people into installing or upgrading a fake version of Java. It looks pretty believable, if you disregard the domain name (tartd.info having no obvious linguistic connection to "Java"):
(The fine print at the bottom, if you're having trouble reading it, says "This website has no affiliation whatsoever with the owner of these software programs, and provides only links to the software programs. This software may be obtained freely.")
Most of the tartd.info traffic is coming through yieldmanager.com, but I counted at least a dozen different ad sites as referrers in the logs yesterday.
The fake Java setup program hadn't previously been seen by VirusTotal when I checked it last night, but it scored 9 hits, mostly as some variation of "Solimba". (It had 11 hits when I re-checked it just now.)
This attack, then, involves adware being spread via malvertising, which makes for a nicely symmetric "circle of life"…
And, given that Java is the most common attack point that exploit kits go after these days, the irony of this attack is pretty thick. Arguably, a computer user who installs this junk, thinking it's the real Java, could still be considered more secure than someone who has the real thing installed. Ouch.
–C.L.
@bc_malware_guy