Security Alert: The Washington Free Beacon Serving up Malware via Drive-by-Download

By gTIC ·

With last week’s revelation concerning the National Security Agency’s (NSA) data mining and storage of all Verizon customers’ phone call metadata, the web is ablaze with large media outlets covering the story.

Security software company Invincea has discovered that an article about the issue on The Washington Free Beacon’s website is actively re-directing Internet users to a drive-by-download site (a site visited by a user or that a user is re-directed to that downloads malicious software without the user’s knowledge). Invincea states that the compromises are occurring to a java-based exploit kit. The exploit kit has been identified as the Fiesta EK.

Invincea further notes that their analysis has determined an “almost zero detection by the anti-virus vendors because while the toolkit and exploit method may be the same, [as previously disclosed breaches] the signatures are varied with each new campaign or iteration.”

FishNet Security recommends that you ensure your Java environment is fully patched and up-to-date to assist in prevention of this exploit. Additionally, if you discover an infected system, it is recommended that the system have network connectivity removed and a new OS image be loaded.

To read the full article from Invincea and acquire the Snort or Emerging Threats signatures please follow the link here.