Menu
Ad fraud Trojan updates Flash Player so that other malware can't get in

Ad fraud Trojan updates Flash Player so that other malware can't get in

Despite being distributed through exploit kits, the Kovter Trojan appears to be ruining their business by patching valuable flaws

Big data

Big data

Someone call the malware antitrust commission: Recent versions of the Kovter ad fraud Trojan, which infects computers through Web-based exploits, close the door after themselves by updating Flash Player to the latest version.

The new and somewhat surprising behavior was recently observed by a malware researcher known online as Kafeine, who specializes in tracking drive-by download attacks that use exploit kits.

Kovter is used for so-called click or advertising fraud. Once installed on a computer, it hijacks the browser process and uses it to simulate user clicks on online advertisements in order to generate revenue for its creators.

According to Kafeine's research, the Trojan is being distributed through multiple exploit kits, Web-based attack tools that target vulnerabilities in browsers and their plug-ins -- Flash Player, Adobe Reader, Java and Silverlight.

These tools typically exploit known vulnerabilities, so their creators are primarily targeting users who don't keep the software installed on their computers up to date.

Drive-by download attacks are particularly nasty because they're usually launched from trusted, legitimate websites that have either been compromised or are loading malicious advertisements uploaded by attackers to ad networks.

This is not the first time a malware program patched the flaws it used to get in. However, such cases are rare today because the cybercriminal underground economy is heavily service-based.

Many malicious programs like Trojans don't have their own distribution mechanisms. Their creators don't search for vulnerabilities in software, don't write their own exploits and don't go around infecting websites. Instead, they rely on other cybercriminals who specialize in those activities, like the exploit kit creators.

Access to most exploit kits is sold on a subscription-based model. They generate income for their creators by distributing malware created by others.

That's why Kovter patching Flash Player is unusual. It's akin to paying for a cab and shooting its tires at the destination so that no one else can use it. You'd suppose the cab driver would be angry.

Subscribe here for up-to-date channel news

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags patchessecurityDesktop securityExploits / vulnerabilitiesmalware

Featured

Slideshows

Tight lines as Hooked on Lenovo catches up at Great Barrier Island

Tight lines as Hooked on Lenovo catches up at Great Barrier Island

​Ingram Micro’s Hooked on Lenovo incentive programme recently rewarded 28 of New Zealand's top performing resellers with a full-on fishing trip at Great Barrier Island for the third year​ in a row.

Tight lines as Hooked on Lenovo catches up at Great Barrier Island
Inside the AWS Summit in Sydney

Inside the AWS Summit in Sydney

As the dust settles on the 2017 AWS Summit in Sydney, ARN looks back an action packed two-day event, covering global keynote presentations, 80 breakout sessions on the latest technology solutions, and channel focused tracks involving local cloud stories and insights.

Inside the AWS Summit in Sydney
Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day

Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day

Ingram Micro hosted its third annual Cure Kids Charity Golf Tournament at the North Shore Golf Club in Auckland. In total, 131 resellers, vendors and Ingram Micro suppliers enjoyed a round of golf consisting of challenges on each of the 18 sponsored holes, with Team Philips taking out the top honours.

Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day
Show Comments