Beware of Adware
Trend Micro research shows that an Israel-based adware company was behind the spread of MEVADE/SEFNIT malware. The actors behind this malware managed to stay under the radar until the third quarter of 2013, when they modified how their bots communicated with the bot master.
MEVADE/SEFNIT turned out to be a malicious creation of that adware company. Its main purpose? Click fraud and some Bitcoin mining.
Tor-rential Surge in Users
So how did the bad guys end up on our radar? Reports of a sudden surge in the number of Tor users in August 2013 got our attention. Because Tor cannot handle being accessed by millions of computers, it nearly collapsed.
MEVADE/SEFNIT malware can infect computers in various ways, though the most common means is through InstallBrain. Spreading the malware was not hard for the cybercriminals because millions of computers already had their adware installed, and they turned that adware into MEVADE/SEFNIT downloaders.
Microsoft took notice of this, prompting the company behind InstallBrain—iBario—to remove it from the list of brands on its corporate site. It has since been replaced by “UnknownFile,” which turned out to be just another name for “InstallBrain.”
The Tie That Binds iBario to MEVADE/SEFNIT
An iBario executive dismissed reports that the company had ties to the brains behind MEVADE/SEFNIT, who were based in Ukraine. But we found evidence and other data that said otherwise, such as an organizational chart and the presence of MEVADE/SEFNIT malware in the company’s network.
The actors behind MEVADE/SEFNIT malware proved that adware can be much more than a source of annoyance. It can also be a source of more dangerous malware.