A new malware attack is luring victims by using web-based exploits to perform a ‘drive-by’ malware download under the guise of an electronic money transfer.
Researchers at Solera Networks reported that the attackers make use of Google’s goo.gl link-shortening service to hide the location of the attack site.
The attacks claim to originate from the ‘Electronic Payments Association’ and notify potential victims of a failed direct deposit attempt. Clicking on the link included with the message redirects to a site which attempts to perform a number of exploits using vulnerabilities in Flash and Java.
Andrew Brandt, director of threat research at Solera Networks Labs, told V3 that the attacks are part of a much larger trend in which cyber criminals target browser plug-ins and third-party components.
“I am seeing non-stop examples of this every day and it is becoming a really big deal. Even with an older browser you can be relatively safe if you update things like Flash, Adobe Reader and Java,” he said.
The attacks also highlight the use of third-party link-shortening services. Other malware and spam operations have made similar use of such tools to insulate targets from the actual attack site.
“Cyber criminals are switching gear from sending the malware as an attachment, to drive-by downloads. Next week it will be different, but I keep seeing these attacks over and over again,” said Brandt.
This article was originally published on V3.