Researchers from Proofpoint, Inc. (NASDAQ: PFPT) said they have discovered malware that is targeting vacationers who visit US travel sites.
The discovery shows that popular travel destination websites for cities including Boston, Salt Lake City, Houston, Monterey, Rochester, Myrtle Beach, Victoria and Utah Valley have been exploited and are serving malware to unsuspecting visitors. Proofpoint can also confirm that the command-and-control infrastructure of the cyber criminals behind the attacks appears to be based entirely in Ukraine.
When users visit one of the infected websites, a web exploit kit runs and then downloads additional malware onto their machine. More concerning, however, is that the exploit being used has very low detection rates with traditional antivirus solutions. When Proofpoint tested the piece of malware, they discovered it was able to bypass all but four of the 51 antivirus products on VirusTotal. This makes it a particularly dangerous exploit for consumers.
“Since the attack started on July 3rd, and some of the web pages are promoting 4th of July activities, this attack appears to have been carefully timed to coincide with the US holiday season,” Horn said. “We suspect that the websites have been compromised for some time, but the attackers were carefully planning their attack for maximum impact.”
Proofpoint is a leading security-as-a-service provider that focuses on cloud-based solutions for threat protection, compliance, archiving and governance, and secure communications. More information is available at www.proofpoint.com.