Beladen changes tactics to direct compromised users to Shkarkimi

By on

The payload site for the mass compromise known as Beladen has changed its name to Shkarkimi.

Websense Security Labs ThreatSeeker Network has detected that the new site is hosted on the same IP address as Beladen and the exploits it serves are the same. It claimed that the obfuscated typosquatting domain of Google-Analytics that led to the exploit site Shkarkimi is still massively injected.

 

At the time of writing it claimed that around 30,000 websites are injected with code that eventually leads to Shkarkimi.

 

Carl Leonard, threat research manager at Websense Security Labs, said: “Mass injections have obviously worked. Changing the fake Google analytics typo page to redirect to Shkarkimi has given new legs to a well known attack. For a short period this unknown element will dodge past security solutions that have yet to be updated with the change, leaving users exposed to exploit code.”

See original article on scmagazineuk.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
beladen direct internet malware security shkarkimi traffic web

Sponsored Whitepapers

10 questions to ask before you select a Network Performance Management tool
10 questions to ask before you select a Network Performance Management tool
Innovate faster. Why accelerating change is a CIO's biggest challenge.
Innovate faster. Why accelerating change is a CIO's biggest challenge.
Unlock faster time-to-revenue using Adobe digital document processes
Unlock faster time-to-revenue using Adobe digital document processes
How Security as Code changes development and deployment for the cloud
How Security as Code changes development and deployment for the cloud
Tackle new ITSM priorities with this seven-step Micro Focus guide
Tackle new ITSM priorities with this seven-step Micro Focus guide

Events

Most Read Articles

AWS cautions gov against rushing in more cyber security regulations

AWS cautions gov against rushing in more cyber security regulations
Telstra 'gamifies' cloud cost reduction efforts among internal teams

Telstra 'gamifies' cloud cost reduction efforts among internal teams
Australia Post trials running post office processes on a smartphone

Australia Post trials running post office processes on a smartphone
CBA to treat its software like "food in the fridge"

CBA to treat its software like "food in the fridge"

Digital Nation

Digital leaders master collaboration, reskilling and culture: Didier Bonnet
Digital leaders master collaboration, reskilling and culture: Didier Bonnet
Next generation of Digital Giants growing faster than the originals: Ray Wang
Next generation of Digital Giants growing faster than the originals: Ray Wang
Expect dramatic value chain disruptions every four years: McKinsey Global Institute
Expect dramatic value chain disruptions every four years: McKinsey Global Institute
HR platform consolidation unlocks the value of data at Aurecon
HR platform consolidation unlocks the value of data at Aurecon
COVER STORY: Data centre sustainability scrutiny puts emissions in the spotlight
COVER STORY: Data centre sustainability scrutiny puts emissions in the spotlight

Log In

Email:
Password:
  |  Forgot your password?