Number: IRCNE2015062556
Date: 2015/06/29
According to “itpro”, hackers are using click fraud, the act of clicking repeatedly on a web advert to drain advertisers' revenues, as the most common way to distribute ransomware.
This is according to threat detection firm Damballa's Q2 2015 State of Infections report, which analysed click fraud malware RuthlessTreeMafia, introduced by the Asprox botnet.
When the botnet was in control of Damballa's infected test device, those behind RuthlessTreeMafia sold access to the host to other threats that used downloaders to install the Rerdom and Rovnix Trojans.
The test device also became infected with CryptoWall ransomware, used to encrypt files on the device, demanding a payment from the victim to decrypt them. The chain continues, with more ransomware and malware being installed on devices, making the original attacker more money and digging the victim deeper into trouble.
“The changing nature of these attacks, underscores the importance of being armed with advanced detection, to combat these more stealthy threats. As infections can spread quickly through the network, security teams should take proactive measures to avoid becoming a cautionary click-fraud tale.”
- 10