Computer viruses were once a thing that threatened the sanctity of innocent computer users, who only want to use their PC to surf the Internet, be as productive as they can, and contribute to society by posting their latest updates on Facebook, Twitter and Instagram. While today's computer world has evolved into a massive breeding ground for hackers, many legitimate sources have had their 'secure' rock chipped away when it comes to exploitation and the spreading of aggressive malware threats.
In recent days, the computer security certification organization that administers the Certified Ethical Hacker program has been spreading the famous TeslaCrypt Ransomware threat. One of the subdomains of the EC-Council was found to have been compromised by the Angler Exploit Kit and later used to spread TeslaCrypt Ransomware, which is known as one of the most destructive malware threats: it encrypts a victimized computer's files and holds them for a ransom fee.
The EC-Council subdomain under attack was part of a structure that administers an online program to train computer security students. Despite being notified by security firm Fox IT, the EC-Council officials did not notice the attack and the spreading of TeslaCrypt. Instead, Fox IT took to its own site to publish a blog post, under the belief that its attempts to notify EC-Council had failed.
The attack, initiated by the Angler Exploit Kit in a drive-by fashion, specifically targets users of Internet Explorer. Many users who landed on the exploited subdomain of EC-Council were forced to view other sites through redirects by way of embedded code. From there, the systems landing on the Angler-coded sites were exploited and then served the TeslaCrypt Ransomware threat.
In the case of the exploited EC-Council domain, where the payload was TeslaCrypt, the attack utilized PHP code, and the WordPress CMS was likely attacked through a vulnerability on the site. Once a system has been exploited, the TeslaCrypt threat is dropped and the system's files are later encrypted by the malware, which instructs victims to pay a fee to recover their files.
As we know with TeslaCrypt Ransomware, files are steadily encrypted and cannot be recovered unless a computer user pays the fee to get a decryption key or restores their hard drive from a backup copy. Currently, TeslaCrypt Ransomware is asking that victimized computer users pay a fee of about $622 or 1.5 BTC (Bitcoin) to get their files back.
The propagation of exploited legitimate sites is getting out of hand as of late. Just a couple of weeks ago, The New York Times and BBC sites fell victim to malicious advertisements that redirected users to a source that attempted to install crypto ransomware threats, among other malware, onto vulnerable computers. Many large companies have taken additional steps to safeguard their sites as they are continually coming under attack by cybercrooks to spread new and advanced crypto-type ransomware threats.
The ironic part about the recent attack on EC-Council is that their organization specifically trains computer security students, individuals who are eventually taught to detect and combat the spread of malware. With that in mind, it is apparent that there are no boundaries for attacks and hackers will stop at nothing to launch the next malware campaign.