Equifax website showed you ads full of malware, expert finds

As if suffering one of the worst hacks in history wasn’t enough, Equifax may have been attacked yet again.

Randy Abrams, an independent cybersecurity analyst, said Thursday that the company's website had been serving visitors malicious software, specifically what's known as adware.

Abrams recently found that the Equifax website directed him to download what looked like a harmless Flash update but was actually a malicious piece of software detected as Adware.Eorezo. Here's what adware does: once a visitor runs the download, it installs itself on the computer and shows unwanted ads whenever the user is online.


To serve up the adware to visitors, the hackers appear to have redirected Abrams (and other visitors who corroborated his experience) from Equifax’s site to shady web pages that host the malicious software. Visitors would have to click on the download for the adware to infect their computers.

Abrams doesn’t think Equifax’s website itself was hacked. Rather, it was swept up in a much larger hacking campaign. “Equifax would be a shotgun victim,” he said.

[Animation of the Equifax website: Equifax's website appeared to serve up adware]

An Equifax spokesperson acknowledged the problem, saying, “Our IT and security teams are looking into this matter, and out of an abundance of caution have temporarily taken this page offline. When it becomes available or we have more information to share, we will.”

The fact that Equifax itself likely wasn’t hacked again is good news for a company that earlier this year got hit by a massive data breach, which compromised the Social Security numbers and other personal information of about 145.5 million Americans. Instead, its website was caught up in a common and stealthy hacking technique called “malvertising.”

With malvertising, hackers take advantage of weaknesses in the world of online advertising. Legitimate, trusted websites serve up ads to visitors all the time. But they get those ads from brokers, who themselves get the ads from other parties. That chain of intermediaries makes it difficult to stop bad actors from posing as legitimate advertisers and slipping a malicious ad into the rotation.

Instead of a normal ad, the malicious creative redirects the visitor to a page that prompts a download of malicious software. The prompt can look like a normal alert from your computer to update your Flash software (itself a common source of vulnerabilities on your computer, which Adobe is retiring in 2020) or some other routine software update.
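The pattern described above leaves a recognisable trail in a web proxy log: a visit to a trusted publisher, a series of HTTP redirects through ad-tech hosts that still carry the publisher page as Referer, and finally an "update"-themed executable downloaded from a domain that belongs neither to the publisher nor to the vendor being impersonated. The following detector is an added example, not code from the article or from Equifax; the log format, the client addresses and every domain in it are constructed for illustration, and the vendor allowlist (here just adobe.com, the real home of Flash Player) is a hypothetical parameter a deployment would fill in itself.

```python
"""
Added example (not from the original article): flag fake-update downloads
reached through an ad-redirect chain in a constructed web-proxy log.

Hypothetical log format, one request per line:
    client status url referer content_type   ("-" where a field is absent)
"""
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample log. All hosts use the reserved .test TLD; nothing here is real.
SAMPLE_LOG = """\
10.0.0.5 200 https://www.example-publisher.test/consumer/help https://www.example-publisher.test/ text/html
10.0.0.5 200 https://cdn.adnet-one.test/tag.js https://www.example-publisher.test/consumer/help application/javascript
10.0.0.5 302 https://click.adnet-one.test/r?id=77 https://www.example-publisher.test/consumer/help -
10.0.0.5 302 https://trk.adnet-two.test/go https://www.example-publisher.test/consumer/help -
10.0.0.5 200 https://update-player.flashnow.test/update.html https://www.example-publisher.test/consumer/help text/html
10.0.0.5 200 https://update-player.flashnow.test/flashplayer_update.exe https://update-player.flashnow.test/update.html application/x-msdownload
10.0.0.9 200 https://www.example-publisher.test/ - text/html
10.0.0.9 200 https://www.example-publisher.test/static/app.js https://www.example-publisher.test/ application/javascript
"""

# Content types and extensions that indicate an installer rather than a web page.
EXEC_TYPES = {
    "application/x-msdownload",
    "application/octet-stream",
    "application/x-apple-diskimage",
    "application/vnd.microsoft.portable-executable",
}
EXEC_EXTS = (".exe", ".msi", ".dmg", ".pkg")
# Words a fake-update lure tends to put in the file name.
LURE_RE = re.compile(r"flash|player|update|install", re.I)


def parse_line(line):
    client, status, url, referer, ctype = line.split()
    return {"client": client, "status": int(status), "url": url,
            "referer": None if referer == "-" else referer, "ctype": ctype}


def reg_domain(url):
    """Crude registrable domain (last two labels); enough for the constructed data.
    A real deployment would use the Public Suffix List instead."""
    host = urlparse(url).hostname or ""
    return ".".join(host.split(".")[-2:])


def is_executable(rec):
    path = urlparse(rec["url"]).path.lower()
    return rec["ctype"] in EXEC_TYPES or path.endswith(EXEC_EXTS)


def find_fake_update_chains(log_text, publisher_domain, vendor_domains=frozenset({"adobe.com"})):
    """Return one alert per update-themed executable that a client fetched from a
    host outside both the publisher and the impersonated vendor, after being
    redirected off the publisher by third-party (ad) hosts.

    Browsers keep the original page as Referer across 3xx hops, so every hop in
    the ad chain still points back at the publisher; that is what ties the chain
    to the site the visitor actually trusted."""
    by_client = defaultdict(list)
    for line in log_text.strip().splitlines():
        rec = parse_line(line)
        by_client[rec["client"]].append(rec)

    alerts = []
    for client, recs in by_client.items():
        chain = []  # third-party redirect hosts seen since the publisher page
        for rec in recs:
            dom = reg_domain(rec["url"])
            ref_dom = reg_domain(rec["referer"]) if rec["referer"] else None
            if 300 <= rec["status"] < 400 and ref_dom == publisher_domain and dom != publisher_domain:
                chain.append(dom)
                continue
            if (chain and is_executable(rec)
                    and dom not in vendor_domains and dom != publisher_domain
                    and LURE_RE.search(urlparse(rec["url"]).path)):
                alerts.append({"client": client, "download": rec["url"], "via": list(chain)})
    return alerts


if __name__ == "__main__":
    for alert in find_fake_update_chains(SAMPLE_LOG, "example-publisher.test"):
        print(f"{alert['client']} fetched {alert['download']} via {' -> '.join(alert['via'])}")
```

The chain requirement is deliberate: a legitimate vendor download that a user initiated directly has no third-party redirect hops behind it, so the rule stays quiet for ordinary traffic. An ad script that navigates with `top.location` instead of a 302 would leave no 3xx hops, so in a real environment the redirect condition would be widened to any request whose Referer is the publisher page but whose host is a third party.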

“Typically it’s not the host website that’s to blame,” Abrams said. “It’s going to be a third party that’s pushing ads.”

Abrams said he hopes the public focus on Equifax will teach more people about the dangers of malvertising. “On any small or large website in the world, this is what it looks like in progress,” Abrams said. “Stop when you see this.”

Originally published Oct. 12 at 9:13 a.m. PT.
Updated at 11:33 a.m. PT: Added new material, including information from cybersecurity analyst Randy Abrams.
