On Tuesday, Microsoft released patches for vulnerabilities affecting its products. One of them, identified as CVE-2016-3298, is an information disclosure flaw in Internet Explorer that was being exploited in the wild before the fix. The flaw lies in how the browser handles objects in memory; an attacker who lures a target into opening a specially crafted website can use it to test for the presence of specific files on the victim's disk.
Before the patch, attackers were already using the vulnerability in malvertising campaigns, not to compromise the browser directly but to fingerprint visitors and keep automated analysis systems and security researchers from seeing the exploit, according to security firm Proofpoint.
Proofpoint's researchers attribute the exploitation to two threat actors, AdGholas and GooNky, who used the flaw in large-scale malvertising campaigns.
Proofpoint first spotted the campaign in April, when it was targeting users in France, and believes it was run by AdGholas.
The group had also exploited CVE-2016-3351, a similar information disclosure flaw affecting Internet Explorer and Microsoft Edge that Microsoft patched last month; Proofpoint believes that flaw had been exploited since 2014. Both vulnerabilities let the cybercriminals check that a targeted system does not belong to a security researcher before serving the malicious payload.
The attackers used MIME-type checks to find out whether file extensions typical of security tooling were registered with any application on the system. An association for .pcap (packet captures), .py (Python scripts) or .saz (Fiddler sessions) typically indicates an analysis environment. Conversely, the attackers looked for associations with everyday formats such as .doc, .mp4 and .mkv to confirm that the machine is used by a regular consumer.
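The same file-association tells can be audited from the defender's side. The script below is an added example, not code from the article or from Proofpoint: it reads the per-extension ProgID from HKEY_CLASSES_ROOT on a Windows analysis VM and flags a box that would look like a researcher's machine to a gate of the kind described above. It assumes only the extensions the article names; the lists, the function name and the warning text are this example's own choices.

```powershell
# Added example: audit a Windows analysis VM for the file-association tells
# the article describes (not the article's or Proofpoint's code).
# HKEY_CLASSES_ROOT merges per-machine and per-user associations, which is
# what a browser-side MIME/association check effectively observes.

# Extension lists taken from the article; extend them to taste (assumption).
$researchExtensions = @('.pcap', '.py', '.saz')   # tells of an analysis environment
$consumerExtensions = @('.doc', '.mp4', '.mkv')   # tells of a regular user's machine

function Get-ExtensionAssociation {
    # Returns the ProgID an extension is associated with, or $null if none.
    param([Parameter(Mandatory)][string]$Extension)
    $key = "Registry::HKEY_CLASSES_ROOT\$Extension"
    if (-not (Test-Path -LiteralPath $key)) { return $null }
    # The key's (Default) value holds the ProgID, e.g. "Word.Document.12".
    $progId = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).'(default)'
    if ([string]::IsNullOrEmpty($progId)) { return $null }
    return $progId
}

$findings = foreach ($ext in ($researchExtensions + $consumerExtensions)) {
    $progId = Get-ExtensionAssociation -Extension $ext
    [pscustomobject]@{
        Extension  = $ext
        Associated = [bool]$progId
        ProgId     = $progId
        Role       = if ($researchExtensions -contains $ext) { 'research tell' } else { 'consumer tell' }
    }
}

$findings | Format-Table -AutoSize

# A research extension that IS registered, or a consumer extension that is
# NOT, each gives the gate a reason to withhold the payload from this VM.
$exposed = $findings | Where-Object { $_.Role -eq 'research tell' -and $_.Associated }
$missing = $findings | Where-Object { $_.Role -eq 'consumer tell' -and -not $_.Associated }

if ($exposed) { Write-Warning ("Research tools registered: " + ($exposed.Extension -join ', ')) }
if ($missing) { Write-Warning ("Consumer formats not registered: " + ($missing.Extension -join ', ')) }
if (-not $exposed -and -not $missing) { Write-Host 'No file-association tells found.' }
```

Run it as the same user the browser runs as, since per-user associations under HKCU override the machine-wide ones. A VM that warns on either list should either move its analysis tooling off the box, or register the consumer formats with a real or dummy handler, before it is used to replay malvertising traffic.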
In a blog post, Proofpoint explained that “Threat actors, particularly those in the AdGholas and GooNky groups, continue to look for new means to exploit browser flaws. More importantly, though, they are turning to flaws that allow them to focus on “high-quality users”, specifically consumers rather than researchers, vendors, and sandbox environments that could detect their operations. Information disclosure vulnerabilities like CVE-2016-3298 described here and the previously discussed CVE-2016-3351 allow actors to filter based on software and configurations typically associated with security research environments.”
About the Author
Peter Buttler is an infosec journalist and tech reporter and a member of the IDG Network. In 2011 he completed a master's degree in cybersecurity and technology. He has worked for leading security and tech companies as a staff writer and currently contributes to a number of online publications, including The Next Web, CSO Online, Infosecurity Magazine, SC Magazine, Tripwire, GlobalSign and CSO Australia. His favorite areas are online privacy, AI, IoT, VR, blockchain, big data, ML and fintech.