Short Bytes: A ransomware was found on the official website of EC-Council that runs Certified Ethical hacker program. After EC-Council did not reply to Fox-IT in the context of the malware injected in their site, Fox-IT decided to go public with this news, the excerpt of which can be read at the end of this blog post.
Shortly after the malware was found, researchers from security firm Fox-IT notified EC-Council officials found that one of their subdomains was under the influence of a schemer who had injected angler, a toolkit that provides powerful Web drive-by exploits.
Angler toolkit first appeared in late 2013. Since then, it has significantly grown in popularity in the cyber underworld. Angler toolkit evades detection by changing the variations of the various components it uses (HTML, JavaScript, Flash, Silverlight, Java and more).
On Thursday, after receiving no reply from the EC-Council and still seeing that the website was infected, Fox-IT published a blog post showing that the company had failed to respond them.
Also Read: Denmark creates “Hackers Academy” For Training Black Hat Hackers
Unlike other drive-by attacks, this one is very hard for the researchers to replicate. Moreover, this exploit only targets the visitors using Internet Explorer and only when they come to the site from search engines like Google, Bing, Yahoo etc. Even though these conditions are met, people from certain IP addresses from certain geographic locales are also spared.
Here is an excerpt from the Fox-IT team:
Have something to add? Share your views in the comments below.