Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Inside an Attack on Popular Broadband Analysis Site SpeedTest.Net

SpeedTest.net, a free service that tests the performance of Broadband connections, was compromised and made to serve malware, according to security vendor Invincea.

The situation has since been cleaned up. Details and pictures can be found here on Invincea’s blog.

SpeedTest.net, a free service that tests the performance of Broadband connections, was compromised and made to serve malware, according to security vendor Invincea.

The situation has since been cleaned up. Details and pictures can be found here on Invincea’s blog.

“The exploit analysis shows that potentially a large number of users were exposed to a Java-based exploit temporarily hosted by speedtest.net,” according to Invincea. “Indicators show the exploit implemented by injected Javascript and used the “g01pack” exploit kit likely compromised speedtest.net as part of a malvertising campaign.”

The exploit used a number of tactics and techniques to evade detection while exploiting the Java software plug-in, the company stated in a blog post. In addition, Invincea discovered this particular attack campaign utilized “the lesser-known” g01pack exploit kit, which is known to typically drive traffic to a landing page via malvertising where victims would be served with rogue antivirus.

“Some additional online research indicates that speedtest.net has been compromised several times in the past through vulnerabilities in the OpenX advertising plugin in order to inject malicious Javascript redirecting users to malware,” according to Invincea. “We can’t confirm at this time that this advertising plugin was used or exploited for this attack.”

The Java exploit puts this incident in line with other recent attacks targeting Java vulnerabilities, including high-profile incidents such as the ‘Red October’ cyber-espionage campaign publicized earlier this month by Kaspersky Lab. In response to criticism, Oracle recently pledged to do more outreach to the Java user community regarding security concerns.

The attack is another example of how hackers are utilizing legitimate sites to trap unsuspecting users.

In Cisco Systems’ 2013 Annual Security report, researchers found that online shopping sites are 21 times as likely—and search engines 27 times as likely—to serve malicious content as counterfeit software sites. Along the same lines, online advertisements are 182 times as likely to deliver malicious content as pornography sites.

Advertisement. Scroll to continue reading.

The results of the report confirmed that “users aren’t stupid,” Mary Landesman, senior security researcher at Cisco, told SecurityWeek’s Fahmida Rashid.

There is an overwhelming perception that people get compromised for “going to dumb sites,” Landesman said. “The Web is extremely complex and people are making mistakes, she said.

Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Cloud security giant Wiz has named Fazal Merchant as President and Chief Financial Officer.

Cybersecurity and data protection company Acronis has appointed Gerald Beuchelt as CISO.

Adam Zoller has joined CrowdStrike as Chief Information Security Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.