Menu
Ad fraud Trojan updates Flash Player so that other malware can't get in

Ad fraud Trojan updates Flash Player so that other malware can't get in

Despite being distributed through exploit kits, the Kovter Trojan appears to be ruining their business by patching valuable flaws

Big data

Big data

Someone call the malware antitrust commission: Recent versions of the Kovter ad fraud Trojan, which infects computers through Web-based exploits, close the door after themselves by updating Flash Player to the latest version.

The new and somewhat surprising behavior was recently observed by a malware researcher known online as Kafeine, who specializes in tracking drive-by download attacks that use exploit kits.

Kovter is used for so-called click or advertising fraud. Once installed on a computer, it hijacks the browser process and uses it to simulate user clicks on online advertisements in order to generate revenue for its creators.

According to Kafeine's research, the Trojan is being distributed through multiple exploit kits, Web-based attack tools that target vulnerabilities in browsers and their plug-ins -- Flash Player, Adobe Reader, Java and Silverlight.

These tools typically exploit known vulnerabilities, so their creators are primarily targeting users who don't keep the software installed on their computers up to date.

Drive-by download attacks are particularly nasty because they're usually launched from trusted, legitimate websites that have either been compromised or are loading malicious advertisements uploaded by attackers to ad networks.

This is not the first time a malware program patched the flaws it used to get in. However, such cases are rare today because the cybercriminal underground economy is heavily service-based.

Many malicious programs like Trojans don't have their own distribution mechanisms. Their creators don't search for vulnerabilities in software, don't write their own exploits and don't go around infecting websites. Instead, they rely on other cybercriminals who specialize in those activities, like the exploit kit creators.

Access to most exploit kits is sold on a subscription-based model. They generate income for their creators by distributing malware created by others.

That's why Kovter patching Flash Player is unusual. It's akin to paying for a cab and shooting its tires at the destination so that no one else can use it. You'd suppose the cab driver would be angry.


Follow Us

Join the newsletter!

Error: Please check your email address.

Tags patchessecurityDesktop securityExploits / vulnerabilitiesmalware

Featured

Slideshows

Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP honoured leading partners across the channel at the Partner Awards 2017 in New Zealand, recognising excellence across the entire print and personal systems portfolio.

Meet the top performing HP partners in NZ
Tech industry comes together as Lexel celebrates turning 30

Tech industry comes together as Lexel celebrates turning 30

Leading figures within the technology industry across New Zealand came together to celebrate 30 years of success for Lexel Systems, at a milestone birthday occasion at St Matthews in the City.​

Tech industry comes together as Lexel celebrates turning 30
HP re-imagines education through Auckland event launch

HP re-imagines education through Auckland event launch

HP New Zealand held an inaugural Evolve Education event at Aotea Centre in Auckland, welcoming over 70 principals, teachers and education experts to explore ways of shaping and enhancing learning using technology.

HP re-imagines education through Auckland event launch
Show Comments