Drive-by download campaign targets Chinese websites, experiments with exploits


#1

Drive-by download campaign targets Chinese websites, experiments with exploits (Feb 22, 2018)

Malwarebytes researchers report a new drive-by download campaign planted on Chinese websites. The campaign uses compromised websites as loaders: injected scripts and iframes pull external content into the page, and that content delivers the exploits. Three vulnerabilities were observed being exploited: CVE-2008-2551 (an ActiveX component), CVE-2015-5119 (Flash Player), and CVE-2016-0189 (Internet Explorer). All three are old and have had vendor patches available for years, so the campaign only succeeds against unpatched visitors. The final payload dropped was a DDoS bot.

Recommendation: Website owners should be vigilant in protecting their websites from compromise so that their assets are not used for malicious actors' purposes; in particular, unexpected external script or iframe references in page templates are a common sign of this kind of injection. Website users should always make sure that the latest patches are applied so that they are not exploited by old vulnerabilities.

Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.
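The injection pattern described above (external loaders added to a compromised page via script and iframe tags, plus the ActiveX and VBScript vectors tied to the listed CVEs) can be checked for mechanically. The scanner below is an added example written for this post, not code from Malwarebytes or ThreatStream. It parses page HTML and flags script or iframe elements whose source is off-site, iframes hidden with zero dimensions or display:none, inline VBScript blocks, and <object> elements carrying a classid. The site hostname, the sample page and the classid value in it are constructed for the example and are not indicators from the campaign.

```python
"""Flag injected loader elements in page HTML (added example, not from the original post)."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the scanned site's own hostname; anything else is "external".
SITE_HOST = "www.example.cn"

# Constructed sample page: a legitimate relative script, then four injected
# elements mimicking the loader pattern (external script, hidden external
# iframe, inline VBScript, ActiveX object with a placeholder classid).
SAMPLE_HTML = """<html><head><title>Shop</title>
<script src="/js/app.js"></script>
<script src="//cdn.loader.invalid/ld.js"></script>
</head><body>
<p>Welcome</p>
<iframe src="http://loader.invalid/in.html" width="0" height="0" style="display: none"></iframe>
<script language="VBScript">MsgBox "x"</script>
<object classid="clsid:00000000-0000-0000-0000-000000000000" width="1" height="1"></object>
</body></html>
"""


def _is_hidden(attrs):
    """True for the usual hide-the-iframe tricks: display:none/visibility:hidden or 0/1 px dimensions."""
    style = attrs.get("style", "").replace(" ", "").lower()
    if "display:none" in style or "visibility:hidden" in style:
        return True
    for dim in ("width", "height"):
        value = attrs.get(dim, "").strip().lower().rstrip("px")
        if value in ("0", "1"):
            return True
    return False


def _is_vbscript(attrs):
    """Inline VBScript only runs in IE, which is where the scripting-engine bug lives."""
    language = attrs.get("language", "").lower()
    mime = attrs.get("type", "").lower()
    return language == "vbscript" or "vbscript" in mime


class LoaderScanner(HTMLParser):
    """Collect suspicious script/iframe/object elements with the reasons they were flagged."""

    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases attribute names; values may be None.
        a = {name: (value or "") for name, value in attrs}
        reasons = []
        if tag in ("script", "iframe"):
            src = a.get("src", "")
            # urlparse handles protocol-relative "//host/path" as well as absolute URLs;
            # a relative path like "/js/app.js" yields no hostname and is treated as local.
            host = urlparse(src).hostname if src else None
            if host and host.lower() != self.site_host:
                reasons.append("external-src")
            if tag == "iframe" and _is_hidden(a):
                reasons.append("hidden-iframe")
            if tag == "script" and _is_vbscript(a):
                reasons.append("vbscript")
        elif tag == "object" and "classid" in a:
            reasons.append("activex-object")
        if reasons:
            self.findings.append({
                "tag": tag,
                "line": self.getpos()[0],
                "ref": a.get("src") or a.get("classid", ""),
                "reasons": reasons,
            })


def scan_html(html, site_host):
    """Return the list of flagged elements found in `html` for a site served from `site_host`."""
    scanner = LoaderScanner(site_host)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


if __name__ == "__main__":
    for finding in scan_html(SAMPLE_HTML, SITE_HOST):
        print(f"line {finding['line']}: <{finding['tag']}> {finding['ref']} -> {', '.join(finding['reasons'])}")
```

Run it over a site's rendered templates or a crawl of live pages; anything flagged "external-src" should be matched against the list of third parties the site is known to use, and the remainder compared with the campaign IOCs. The check is deliberately simple and will not catch loaders assembled at runtime by obfuscated JavaScript, so treat a clean result as necessary, not sufficient.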


#2

I also heard somewhere about it from Kaspersky antivirus error 1922, where some exploits were sent to various sites. This is very malicious for the users.