Information Security News
As you read these words, malicious ads on legitimate websites are targeting visitors with malware. But that malware doesn't infect their computers, researchers said. Instead, it causes unsecured routers to connect to fraudulent domains.
Using a technique known as steganography, the ads hide malicious code in image data. The hidden code then redirects targets to webpages hosting DNSChanger, an exploit kit that infects routers running unpatched firmware or are secured with weak administrative passwords. Once a router is compromised, DNSChanger configures it to use an attacker-controlled domain name system server. This causes most computers on the network to visit fraudulent servers, rather than the servers corresponding to their official domain.
Patrick Wheeler, director of threat intelligence for security firm Proofpoint, told Ars:
This morning, Ars received an odd ask by Twitter direct message: "Hello, we are Fancy Bears' Hack Team. Are you interested in WADA and USADA confidential documents?"
Fancy Bears HT is the front for the hacking operation that spear-phished International Olympic Committee members to gain access to the systems of the World Anti-Doping Agency (WADA). Those records were leaked—and in some cases, according to WADA officials, modified—in an effort to discredit the Olympics' drug-testing rules. The leaks were seen by officials as retribution for the bans imposed on Russian athletes after widespread doctoring of drug tests by the Russians at multiple Olympic games was exposed by a WADA investigation.
The hack of the United States Anti-Doping Agency (USADA) e-mails was first revealed in October. A spokesperson for USADA told Ars that the e-mails were probably exposed during the Paralympic Games in Rio de Janeiro, possibly when a scientific advisor to USADA was using public Wi-Fi at the games.