Menu
Ad fraud Trojan updates Flash Player so that other malware can't get in

Ad fraud Trojan updates Flash Player so that other malware can't get in

Despite being distributed through exploit kits, the Kovter Trojan appears to be ruining their business by patching valuable flaws

Big data

Big data

Someone call the malware antitrust commission: Recent versions of the Kovter ad fraud Trojan, which infects computers through Web-based exploits, close the door after themselves by updating Flash Player to the latest version.

The new and somewhat surprising behavior was recently observed by a malware researcher known online as Kafeine, who specializes in tracking drive-by download attacks that use exploit kits.

Kovter is used for so-called click or advertising fraud. Once installed on a computer, it hijacks the browser process and uses it to simulate user clicks on online advertisements in order to generate revenue for its creators.

According to Kafeine's research, the Trojan is being distributed through multiple exploit kits, Web-based attack tools that target vulnerabilities in browsers and their plug-ins -- Flash Player, Adobe Reader, Java and Silverlight.

These tools typically exploit known vulnerabilities, so their creators are primarily targeting users who don't keep the software installed on their computers up to date.

Drive-by download attacks are particularly nasty because they're usually launched from trusted, legitimate websites that have either been compromised or are loading malicious advertisements uploaded by attackers to ad networks.

This is not the first time a malware program patched the flaws it used to get in. However, such cases are rare today because the cybercriminal underground economy is heavily service-based.

Many malicious programs like Trojans don't have their own distribution mechanisms. Their creators don't search for vulnerabilities in software, don't write their own exploits and don't go around infecting websites. Instead, they rely on other cybercriminals who specialize in those activities, like the exploit kit creators.

Access to most exploit kits is sold on a subscription-based model. They generate income for their creators by distributing malware created by others.

That's why Kovter patching Flash Player is unusual. It's akin to paying for a cab and shooting its tires at the destination so that no one else can use it. You'd suppose the cab driver would be angry.


Follow Us

Join the newsletter!

Error: Please check your email address.

Tags securitymalwarepatchesExploits / vulnerabilitiesDesktop security

Featured

Slideshows

Looking back at the top 15 M&A deals in NZ during 2017

Looking back at the top 15 M&A deals in NZ during 2017

In 2017, merger and acquisitions fever reached new heights in New Zealand, with a host of big name deals dominating the headlines. Reseller News recaps the most important transactions of the Kiwi channel during the past 12 months.

Looking back at the top 15 M&A deals in NZ during 2017
Kiwi channel closes 2017 with After Hours

Kiwi channel closes 2017 with After Hours

The channel in New Zealand came together to celebrate the close of 2017, as the final After Hours played out in front of a bumper Auckland crowd.

Kiwi channel closes 2017 with After Hours
Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP honoured leading partners across the channel at the Partner Awards 2017 in New Zealand, recognising excellence across the entire print and personal systems portfolio.

Meet the top performing HP partners in NZ
Show Comments