Drive-by download campaign targets Chinese websites, experiments with exploits (Feb 22, 2018)
A new drive-by download attack has been planted on Chinese websites, according to Malwarebytes researchers. The campaign leverages compromised websites to load external content via injected scripts and iframes. Three vulnerabilities were observed being exploited: CVE-2008-2551 (an ActiveX component), CVE-2015-5119 (Flash Player) and CVE-2016-0189 (Internet Explorer). None of these is new; patches have been available for years, so the campaign is relying on unpatched browsers and plugins rather than on zero-days. The final payload dropped was a DDoS bot.
Recommendation: Website owners should be vigilant in protecting their websites from compromise so that their assets are not used for malicious actors' purposes; in particular, they should watch for script, iframe and object tags they did not add. Website users should keep browsers and plugins such as Flash patched, and disable or remove ActiveX and Flash where they are not needed, so that old vulnerabilities like these cannot be exploited.
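One concrete check a site owner can run against the pattern described above (external scripts and iframes, hidden frames and ActiveX objects injected into a compromised page) is a quick diff of a page's embeds against an allowlist. The script below is an added example for this briefing, not code from Malwarebytes or from the campaign; the allowlist, the sample page and the all-zero CLSID are constructed placeholders, and the "hidden frame" heuristic is the author's assumption of what an injected frame usually looks like.

```python
"""Flag externally loaded scripts/iframes and ActiveX/Flash objects in page HTML.

Added example (not Malwarebytes' or Anomali's code). A site owner feeds the HTML
of a served page plus an allowlist of hostnames that may legitimately serve
scripts and frames; anything else is reported. Sample page, allowlist and CLSID
below are constructed for illustration.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse


class _EmbedCollector(HTMLParser):
    """Collect <script>, <iframe>, <object> and <embed> start tags with attributes."""

    def __init__(self):
        super().__init__()
        self.embeds = []  # list of (tag, {attr: value})

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "iframe", "object", "embed"):
            self.embeds.append((tag, {k.lower(): (v or "") for k, v in attrs}))


def _is_hidden(a):
    """Heuristic (assumption): zero/one-pixel or display:none frames signal injection."""
    style = a.get("style", "").replace(" ", "").lower()
    tiny = ("0", "0px", "1", "1px")
    return (
        a.get("width", "").strip() in tiny
        or a.get("height", "").strip() in tiny
        or "display:none" in style
        or "visibility:hidden" in style
    )


def find_suspicious_embeds(html, allowed_hosts):
    """Return (tag, reason, detail) for each embed the site owner did not expect.

    allowed_hosts: lowercase hostnames allowed to serve scripts/frames (the site
    itself plus known CDNs). Relative URLs have no host and are treated as same-origin.
    """
    p = _EmbedCollector()
    p.feed(html)
    findings = []
    for tag, a in p.embeds:
        src = a.get("src") or a.get("data") or ""
        host = urlparse(src).hostname if src else None
        if tag in ("script", "iframe") and host and host.lower() not in allowed_hosts:
            findings.append((tag, "external-host", src))
        if tag == "iframe" and _is_hidden(a):
            findings.append((tag, "hidden-frame", src))
        is_flash = a.get("type", "").lower() == "application/x-shockwave-flash"
        if tag in ("object", "embed") and (a.get("classid") or is_flash):
            findings.append((tag, "activex-or-flash", a.get("classid") or a.get("type")))
    return findings


# Constructed sample page: one same-origin script, one allowed CDN script,
# one injected external script, one hidden external iframe, one ActiveX object.
SAMPLE_PAGE = """<html><head>
<script src="/js/site.js"></script>
<script src="https://cdn.example-cdn.net/lib.js"></script>
<script src="http://evil-example.test/ld.js"></script>
</head><body>
<iframe src="http://evil-example.test/ie.html" width="0" height="0"></iframe>
<object classid="clsid:00000000-0000-0000-0000-000000000000" id="ax"></object>
</body></html>"""
ALLOWED = {"www.example.com", "cdn.example-cdn.net"}  # hypothetical allowlist


if __name__ == "__main__":
    for tag, reason, detail in find_suspicious_embeds(SAMPLE_PAGE, ALLOWED):
        print(f"{reason:18s} <{tag}> {detail}")
```

Run it against a saved copy of each public page (for example from a periodic crawl of your own site) and alert on any new finding; the allowlist is the only thing you need to maintain. The check is deliberately host-based rather than signature-based, because the campaign described here rotated exploits while keeping the same injection technique.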
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.