Hackers exploiting trust with malware triumvirate

Hackers are using three families of malware in exploiting user trust in supposedly safe websites.

Malware

Some savvy cyber criminals have used just three families of malware to infect around five million systems, in what one security firm has labelled the "trust phenomenon."

Rather than using more shady areas of the internet, such as pornography or download sites, to spread infection, the hackers tracked by avast! have sought to exploit user trust in websites believed to be secure.

Users appear to have plenty of faith in well-known web services, with one user complaining to avast!: "I very much doubt Google is sending me a Trojan."

Another said they didn't want their time wasted by alerts from avast!.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"The danger is in the familiar, everyday trusted places on the internet which are as much a part of a daily routine like your morning coffee," said Jiri Sejtko, avast! senior virus analyst.

"People send us complaints about false positive detections' and even disable their AV protection in order to reach their desired location then they wish they hadn't."

The three kinds of malware that avast! believes to be part of the "trust phenomenon" include the Ill family, Kroxxu and JS:Prontexi.

All are technologically very different, according to avast!, but they are also highly effective in snaring unwitting users.

"Bad guys move in cycles, creating new variants with the knowledge gained from previous generations," Sejtko added.

"When you get an alert from your antivirus program, don't ignore it."

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Recommended

Visit/malware/33080/hackers-abuse-linkedin-dms-to-plant-malware
malware

Hackers abuse LinkedIn DMs to plant malware

25 Feb 2019
Visit/security/malware/28083/the-five-best-free-malware-removal-tools
Security

Best free malware removal tools 2019

23 Dec 2019
Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/policy-legislation/data-governance/354496/brexit-security-talks-under-threat-after-uk-accused-of
data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
Visit/security/cyber-security/354468/if-not-passwords-then-what
cyber security

If not passwords then what?

8 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020
Visit/policy-legislation/31772/gdpr-and-brexit-how-will-one-affect-the-other
Policy & legislation

GDPR and Brexit: How will one affect the other?

9 Jan 2020