Another support scam and ransomware double whammy?

For Malwarebytes, Jérôme Segura reports on another incident where a support scam is combined with other malicious action – Comcast Customers Targeted In Elaborate Malvertising Attack. In this case, malvertising planted on Comcast’s Xfinity search page leads to an attempt to install malware via the Nuclear exploit kit. Malwarebytes weren’t able to collect the malware payload on this occasion, but think it likely to be Cryptowall or another type of ransomware. Subsequently, another site purporting to be the Xfinity portal may serve a fake alert along the lines of:

Comcast’s security plugin has detected some suspicious activity from your IP address.  Some Spyware may have caused a security breach at your network location.  Call Toll Free 1-866-319-7176 for technical assistance

Also reported by Help Net Security.

Adding to both the Tech Support Scam and Ransomware resource pages

David Harley

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.