Cybercrooks have found a way to chain several aggressive malware threats into one vicious concoction. The multi-stage attack steals passwords, injects malicious code into legitimate websites, redirects their visitors to the Angler exploit kit, and finally installs the CryptoWall ransomware to collect the money.
With the CryptoWall ransomware, the Pony botnet and the Angler exploit kit working as one, the group behind the campaign can use stolen credentials to get into the servers where legitimate sites are hosted, plant redirects on those sites, and send their visitors to Angler, which then drops the ransomware.
The Pony malware, or botnet, is a highly effective password stealer that also gives the attackers a persistent foothold on infected systems, and it forms the first stage of the attack. Next comes the Angler exploit kit, known as the most widespread exploit kit of its kind and able to exploit vulnerabilities in Windows, browser plug-ins, Java and Flash Player. CryptoWall, finally, is known for encrypting the files on an infected system and holding them for a ransom fee. Combined, the three give a cybercriminal group an extremely dangerous attack tool that blends their functions to wreak havoc on vulnerable computers around the world.
In practice the chain works like this: Pony gathers login credentials for web servers, the attackers use them to inject malicious code into the sites hosted there, and that code silently sends visitors to the Angler exploit kit, which installs malware such as CryptoWall without any action on the visitor's part. CryptoWall then provides the payoff: its encryption and ransom demand are the mechanism for collecting money once the exploit succeeds.
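Because the injection stage is what turns a trusted site into the delivery point for Angler, the practical check a site owner can run is a scan of the pages the server actually serves for the telltale signs of that injection: hidden or one-pixel iframes, script includes pulled from a host the site does not own, and inline JavaScript built from eval/fromCharCode style obfuscation. The scanner below is an added example and is not code from the original article or from Heimdal Security. The site host www.acme.example, the page contents and the redirector.example domain are all constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Host the scanned pages legitimately belong to (assumption for the example).
SITE_HOST = "www.acme.example"

# Constructed sample: a normal page with three injected elements of the kind an
# attacker holding stolen FTP/CMS credentials would add to redirect visitors.
SAMPLE_PAGE = """<html><head><title>Acme Widgets</title>
<script src="/static/site.js"></script>
</head><body>
<h1>Welcome</h1>
<iframe src="http://redirector.example/landing.php" width="1" height="1"></iframe>
<script src="http://redirector.example/js/stats.js"></script>
<script>eval(String.fromCharCode(100,111,99,117,109,101,110,116));</script>
<a href="https://www.example.org/about">About</a>
</body></html>"""

# Constructed clean page: same-origin script and a normal-sized iframe.
CLEAN_PAGE = """<html><body><h1>Hi</h1>
<script src="/static/site.js"></script>
<iframe src="/embed/map" width="600" height="400"></iframe>
</body></html>"""

HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
OBFUSCATION = re.compile(r"\beval\s*\(|fromCharCode|\bunescape\s*\(", re.I)


def _px(value):
    """Integer part of a width/height attribute such as "1" or "1px", else None."""
    m = re.match(r"\s*(\d+)", value or "")
    return int(m.group(1)) if m else None


def _is_offsite(url, site_host):
    """True when the URL names a host other than the site's own (relative URLs are on-site)."""
    host = urlsplit(url).hostname
    return host is not None and host.lower() != site_host.lower()


class InjectionScanner(HTMLParser):
    """Collects indicators of injected redirect code while parsing a page."""

    def __init__(self, site_host):
        super().__init__(convert_charrefs=True)
        self.site_host = site_host
        self.findings = []
        self._in_script = False  # True between <script> and </script>

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "iframe":
            src = a.get("src", "")
            w, h = _px(a.get("width")), _px(a.get("height"))
            tiny = (w is not None and w <= 1) or (h is not None and h <= 1)
            hidden = bool(HIDDEN_STYLE.search(a.get("style", "")))
            if tiny or hidden:
                self.findings.append({"kind": "hidden_iframe", "src": src})
            elif _is_offsite(src, self.site_host):
                self.findings.append({"kind": "offsite_iframe", "src": src})
        elif tag == "script":
            src = a.get("src")
            if src and _is_offsite(src, self.site_host):
                self.findings.append({"kind": "offsite_script", "src": src})
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # HTMLParser hands inline <script> bodies to handle_data as raw text.
        if self._in_script and OBFUSCATION.search(data):
            self.findings.append({"kind": "obfuscated_script",
                                  "snippet": data.strip()[:60]})


def scan_html(html, site_host):
    """Return a list of findings (dicts with a 'kind' key) for one served page."""
    scanner = InjectionScanner(site_host)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


if __name__ == "__main__":
    for f in scan_html(SAMPLE_PAGE, SITE_HOST):
        print(f)
    print("clean page findings:", scan_html(CLEAN_PAGE, SITE_HOST))
```

Run it against pages fetched from the live server rather than against files in the webroot, since an injection may live in a template or a server-side include that only shows up in the rendered output. Sites that legitimately load scripts from a CDN or analytics host will need an allowlist of those hosts added to the off-site check, otherwise every page will trip the offsite_script rule.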
The campaign behind this malicious cocktail is extensive, and Heimdal Security researchers traced it to a secure hosting environment in Ukraine. Its strategy is divide and conquer: the work is split across several specialised tools, which gives the attackers the upper hand in distributing malware to a considerable number of vulnerable computers.
To put things into perspective, a multi-stage attack lets the hackers compromise computers quickly while lowering the chances of being caught or stopped in the act, which makes it one of the most aggressive methods for attacking otherwise well-protected systems.