Menu
Ad fraud Trojan updates Flash Player so that other malware can't get in

Ad fraud Trojan updates Flash Player so that other malware can't get in

Despite being distributed through exploit kits, the Kovter Trojan appears to be ruining their business by patching valuable flaws

Big data

Big data

Someone call the malware antitrust commission: Recent versions of the Kovter ad fraud Trojan, which infects computers through Web-based exploits, close the door after themselves by updating Flash Player to the latest version.

The new and somewhat surprising behavior was recently observed by a malware researcher known online as Kafeine, who specializes in tracking drive-by download attacks that use exploit kits.

Kovter is used for so-called click or advertising fraud. Once installed on a computer, it hijacks the browser process and uses it to simulate user clicks on online advertisements in order to generate revenue for its creators.

According to Kafeine's research, the Trojan is being distributed through multiple exploit kits, Web-based attack tools that target vulnerabilities in browsers and their plug-ins -- Flash Player, Adobe Reader, Java and Silverlight.

These tools typically exploit known vulnerabilities, so their creators are primarily targeting users who don't keep the software installed on their computers up to date.

Drive-by download attacks are particularly nasty because they're usually launched from trusted, legitimate websites that have either been compromised or are loading malicious advertisements uploaded by attackers to ad networks.

This is not the first time a malware program patched the flaws it used to get in. However, such cases are rare today because the cybercriminal underground economy is heavily service-based.

Many malicious programs like Trojans don't have their own distribution mechanisms. Their creators don't search for vulnerabilities in software, don't write their own exploits and don't go around infecting websites. Instead, they rely on other cybercriminals who specialize in those activities, like the exploit kit creators.

Access to most exploit kits is sold on a subscription-based model. They generate income for their creators by distributing malware created by others.

That's why Kovter patching Flash Player is unusual. It's akin to paying for a cab and shooting its tires at the destination so that no one else can use it. You'd suppose the cab driver would be angry.

Subscribe here for up-to-date channel news

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags patchessecurityDesktop securityExploits / vulnerabilitiesmalware

Featured

Slideshows

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards

Revealed at a glitzy bash in Sydney at the Ivy Penthouse, the first StorageCraft Partner Awards locally saw the vendor honour its top-performing partners with ASI Solutions, SMBiT Pro, Webroot, ACA Pacific and Soft Solutions New Zealand taking home the top awards. Photos by Maria Stefina.

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards
Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip

Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip

​Synnex and Lenovo hosted 18 resellers for an action-packed weekend adventure in RotoVegas, taking in white water rafting on the Kaituna River, as well as quad biking and dinner at Stratosfare​, overlooking Lake Rotorua at the top of Mount Ngongotaha​. Photos by Synnex.

Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip
Show Comments