Antique cyberattacks target unpatched legacy systems
The importance of keeping all computers up-to-date with security patches was made apparent earlier this week after a series of Chinese websites were identified as the targets of drive-by download campaigns which dropped a distributed denial of service (DDoS) bot called Avzhan, malware that is around eight years old.
Malwarebytes Labs researchers pointed out that the exploits were not advanced.
The very existence of such campaigns these days points to the fact that there have to be enough genuine targets susceptible to such attacks remaining, despite the best efforts of cybersecurity teams across the globe.
The exploits include three which target specific vulnerabilities in Flash Player, Internet Explorer and ActiveX, the latter affecting the C6 Messenger control. In this instance, the creator of the exploit reused old code, simply changing the download URL to point to their own URL.
The Flash vulnerability dates from 2015 and the Internet Explorer exploit from 2016. Flash is not often seen on up-to-date websites and the platform is in decline, at least partially as a result of Apple’s refusal to integrate compatibility for the Macromedia-created system into iOS.
All the exploits identified by Malwarebytes Labs drop the Avzhan DDoS bot, which installs itself onto targeted machines as a Windows service. Researchers say that while Avzhan has been around for several years, its presentation has changed little over time, apart from better attempts to hide the code and additions to the original configuration.
Malwarebytes Labs researcher Jérôme Segura said:
Although we see the use of several exploits, we cannot call this an exploit kit – not even an amateur one. Indeed, the domain serving the exploits appears to be static and the URIs are always the same. Regardless, it does not prevent threat actors from arranging drive-by attacks by copying and pasting various pieces of code they can find here and there. While not very effective, they may still be able to compromise some legacy systems or machines that have not been patched.