Malware Mixed Into A Cyber Threat Cocktail

Uploaded on 2015-12-15 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Cybercrime group combines Pony, Angler and CryptoWall 4.0 in a single campaign

An ongoing attack campaign combines a very effective password stealer, the most widespread exploit kit, called Angler, and the latest version of the infamous CryptoWall file-encrypting ransomware program.

The attackers first use the Pony computer Trojan to pilfer passwords from compromised computers, including FTP and SSH credentials that webmasters use to administer websites, according to researchers from Heimdal Security.

The stolen credentials are then used to inject malicious code into legitimate websites with the goal of redirecting their visitors to an installation of the Angler exploit kit. This is a Web-based attack tool that includes exploits for various vulnerabilities in Windows and browser plug-ins, such as Flash Player and Java.

Computers whose software is not up to date are specifically exposed to Angler attacks, which are known as drive-by downloads. If any of the exploits is successful, CryptoWall 4 is deployed on the computer.

CryptoWall is one of the most widespread and successful ransomware programs to date, having earned its creators millions of dollars in ransom payments. The application encrypts files using a strong cryptographic algorithm and then asks victims to pay for the encryption key.

In the absence of offline backups, many victims, including companies and government organizations, have been forced to pay in order to recover critical documents and other irreplaceable data.

This attack campaign is extensive and originates from a bulletproof hosting environment located in Ukraine, the Heimdal security researchers said in a blog post. "Because of the mechanisms involved and the attackers’ objectives, the campaign is prone to achieve large distribution and affect a big number of PCs and their users."

Computerworld:  http://bit.ly/1XNKCBO

« Cyber Warfare: An Integral Part of Modern Politics
The True Cost of Surveillance »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Tech Industry Forum (TIF)

Tech Industry Forum (TIF)

Tech Industry Forum is a not-for-profit, membership driven trade body. We bring together end users and some of the UK’s leading cloud, software, platform, infrastructure, and service providers.

Titus

Titus

Titus is a global leader in enterprise-grade data protection solutions.

Praetorian

Praetorian

Praetorian is an offensive cybersecurity company whose mission is to prevent breaches before they occur.

LEXFO

LEXFO

LEXFO specializes in the security of information systems, assisting clients in protecting information assets using an offensive and innovative approach.

Openminded (OPMD)

Openminded (OPMD)

Openminded is a French security and network services company.

Software Engineering Institute (SEI)

Software Engineering Institute (SEI)

At the CERT Division of SEI we study and solve cybersecurity problems, research security vulnerabilities in software, and develop information and training to help improve cybersecurity.

Datec PNG

Datec PNG

Datec is the the largest end-to-end information and communications technology solutions and services provider in Papua New Guinea.

Oznet Cyber Security

Oznet Cyber Security

Oznet Cyber Security is dedicated to offering integral solutions oriented to the support and security of information.

Practical Assurance

Practical Assurance

Practical Assurance helps companies navigate the rough terrain of information security compliance.

Fend

Fend

Fend secures smart infrastructure. We provide a robust, highly secure way to have situational awareness of IoT enabled assets.

OpSec Security

OpSec Security

OpSec Online is the only brand protection solution that spans all channels so your brands are protected no matter what digital venue the criminals target.

BeyondTrust

BeyondTrust

BeyondTrust is a leader in Privileged Access Management, offering a seamless approach to preventing data breaches related to stolen credentials, misused privileges, and compromised remote access.

Onfido

Onfido

Onfido is building the new identity standard for the internet. We digitally prove people’s real identities using a photo ID and facial biometrics.

ResilientX

ResilientX

ResilientX is an All-In-One Security Testing Platform designed to help MSPs and SMBs to perform their security testing and assessments without having to outsource IT.

Camelot Secure

Camelot Secure

Camelot Secure Secure360 platform is a holistic redefinition of what world-class cybersecurity strategies can be. Prepare. Protect. Deploy.

Aurascape AI

Aurascape AI

Aurascape is working on advanced cybersecurity solutions powered by grounds-up generative AI architecture.