A new malware attack is luring victims by using web-based exploits to perform a 'drive-by' malware download under the guise of an electronic money transfer.
Researchers at Solera Networks reported that the attackers make use of Google's goo.gl link-shortening service to hide the location of the attack site.
The attacks claim to originate from the 'Electronic Payments Association' and notify potential victims of a failed direct deposit attempt. Clicking on the link included with the message redirects to a site which attempts to perform a number of exploits using vulnerabilities in Flash and Java.
Andrew Brandt, director of threat research at Solera Networks Labs, told V3 that the attacks are part of a much larger trend in which cyber criminals target browser plug-ins and third-party components.
"I am seeing non-stop examples of this every day and it is becoming a really big deal. Even with an older browser you can be relatively safe if you update things like Flash, Adobe Reader and Java," he said.
The attacks also highlight the use of third-party link-shortening services. Other malware and spam operations have made similar use of such tools to insulate targets from the actual attack site.
"Cyber criminals are switching gear from sending the malware as an attachment, to drive-by downloads. Next week it will be different, but I keep seeing these attacks over and over again," said Brandt.
This article was originally published on V3.
What's New for 2015?
You spoke, we listened! ClickZ Live New York (Mar 30-Apr 1) is back with a brand new streamlined agenda. Don't miss the latest digital marketing tips, tricks and tools that will make you re-think your strategy and revolutionize your marketing campaigns. Super Saver Rates are available now. Register today!