SecurityWeek

Inside an Attack on Popular Broadband Analysis Site SpeedTest.Net

SpeedTest.net, a free service that tests the performance of broadband connections, was compromised and made to serve malware, according to security vendor Invincea.

The situation has since been cleaned up. Details and pictures can be found here on Invincea’s blog.

“The exploit analysis shows that potentially a large number of users were exposed to a Java-based exploit temporarily hosted by speedtest.net,” according to Invincea. “Indicators show the exploit implemented by injected Javascript and used the ‘g01pack’ exploit kit likely compromised speedtest.net as part of a malvertising campaign.”

The exploit used a number of tactics and techniques to evade detection while exploiting the Java software plug-in, the company stated in a blog post. In addition, Invincea discovered this particular attack campaign utilized “the lesser-known” g01pack exploit kit, which is known to typically drive traffic to a landing page via malvertising where victims would be served with rogue antivirus.

“Some additional online research indicates that speedtest.net has been compromised several times in the past through vulnerabilities in the OpenX advertising plugin in order to inject malicious Javascript redirecting users to malware,” according to Invincea. “We can’t confirm at this time that this advertising plugin was used or exploited for this attack.”

The Java exploit puts this incident in line with other recent attacks targeting Java vulnerabilities, including high-profile incidents such as the ‘Red October’ cyber-espionage campaign publicized earlier this month by Kaspersky Lab. In response to criticism, Oracle recently pledged to do more outreach to the Java user community regarding security concerns.

The attack is another example of how hackers are utilizing legitimate sites to trap unsuspecting users.

In Cisco Systems’ 2013 Annual Security report, researchers found that online shopping sites are 21 times as likely—and search engines 27 times as likely—to serve malicious content as counterfeit software sites. Along the same lines, online advertisements are 182 times as likely to deliver malicious content as pornography sites.

The results of the report confirmed that “users aren’t stupid,” Mary Landesman, senior security researcher at Cisco, told SecurityWeek’s Fahmida Rashid.

There is an overwhelming perception that people get compromised for “going to dumb sites,” Landesman said. “The Web is extremely complex and people are making mistakes,” she said.

Written By

Marketing professional with a background in journalism and a focus on IT security.
