Computer hackers have tried to compromise the Ask.com toolbar, fortunately their scheme was quickly discovered by security specialists and stopped.
Criminals Tried To Overtake The Ask.Com Toolbar
Computer criminals tried to hack the Ask.com toolbar and turn it into a malware distribution center. Fortunately their actions were caught in the early stages of their attack and no damage was incurred. The security Red Canary investigated active attack campaigns from various hacker groups and was able to stop the infection from spreading to the Ask.com toolbar. At the current moment the identity of the criminals is unknown. The criminals were able to hack into the update feature of the toolbar and place a dropper into some machines which alerted the security experts to investigate the threat and stop further infections.
Upon installation the dropper would download a secondary malware code which can be devastating to the computer owner. The binary is able to install other highly damaging threats such as banking Trojans, ransomware, keyloggers and etc. The exact type varied in accordance to the infected host.
According to the security researchers it is possible that the hackers were experimenting with various malware to find out which is the most efficient one to use in further campaigns. No attempts were made at mass distribution of the sample malware that have been discovered on the compromised machines.
The Red Canary team has stated that upon infection with the virus the behavior of the web browser changed dramatically. It starts to execute files with the .png file name extension. This could likely mean that additional malware code can be hidden in these files using various techniques such as steganography. This gives out the strategy of the hackers of embedding various malicious payloads in .png file containers.
Another thing which distinguishes legitimate from counterfeit toolbar updates is the fact that all official binary files are usually signed by the development team. What was surprising here is that the identified malware samples were also signed by the legitimate key used by Ask.com and distributed to various users in quick manner. The factor that revealed that there might be an issue was the fast update time. Usually updates to such popular software is done through a long process of quality assurance and testing of the code.
The human analysis was triggered when the security vendor discovered that an unusually short period of time has passed since the last update of the toolbar. When the Red Canary security team reported their findings to Ask.com, the online service issued an immediate security update that blocked the attacks. Since then no new attacks have been reported.
