Light Dark
July 9, 2015 By Shane Schick 2 min read

Normally, we expect malware to disable older versions of key applications in order to steal information or take over a victim’s computer, but the latest in a string of problems involving Adobe Flash Player has cybercriminals offering a free update to the browser plugin instead.

As first revealed in a blog post by an independent security researcher known only as Kafeine on Malware don’t need Coffee, the latest version of the Kovter malware has been updating Flash as a sort of competitive tactic against other cybercriminals. The Kovter Trojan typically works by taking over a victim’s machine and clicking on online ads to generate revenue through crooked pay-per-click (PPC) affiliate programs.

In some respects, the real victims here may be advertisers, who don’t realize they’re getting impressions obtained by hijacking computers. As Naked Security noted, click-fraud malware can’t really work if it can’t see online ads properly, which is probably one of the reasons this variant of Kovter proactively updates Flash on the user’s behalf.

On the other hand, ensuring that a machine is using the latest version of the browser plugin could also be a way of guaranteeing rival click-fraud malware authors have a tougher time targeting the same computer later. Komando suggested this isn’t entirely a new tactic; earlier viruses could clean up a machine with their own antivirus tools before stealing information or taking control.

Perhaps the best defense strategy is beating Kovter to the punch by updating Flash first. There are certainly enough reasons by now: Just last week, The Guardian reported that a flaw in the plugin was allowing attackers to embed malware in a video file to take over victims’ computers. Around the same time, cybercriminals were taking advantage of the same flaw in drive-by download attacks using the Magnitude exploit kit.

Computerworld suggested malicious actors are getting much faster at seizing such opportunities, so users need to patch as quickly as possible. And as this latest incident involving Kovter proves, cybercriminals are becoming as interested in one-upping each other as they are using malware to steal data or make money.

 |  |  |  | 
Shane Schick
Writer & Editor

More from

April 29, 2024

The major hardware flaw in Apple M-series chips

3 min read - The “need for speed” is having a negative impact on many Mac users right now.The Apple M-series chips, which are designed to deliver more consistent and faster performance than the Intel processors used in the past, have a vulnerability that can expose cryptographic keys, leading an attacker to reveal encrypted data. This critical security flaw, known as GoFetch, exploits a vulnerability found in the M-chips data memory-dependent prefetcher (DMP).DMP’s benefits and vulnerabilitiesDMP predicts memory addresses that the code is most…

April 25, 2024

NIST’s role in the global tech race against AI

4 min read - Last year, the United States Secretary of Commerce announced that the National Institute of Standards and Technology (NIST) has been put in charge of launching a new public working group on artificial intelligence (AI) that will build on the success of the NIST AI Risk Management Framework to address this rapidly advancing technology.However, recent budget cuts at NIST, along with a lack of strategy implementation, have called into question the agency’s ability to lead this critical effort. Ultimately, the success…

April 24, 2024

Researchers develop malicious AI ‘worm’ targeting generative AI systems

2 min read - Researchers have created a new, never-seen-before kind of malware they call the "Morris II" worm, which uses popular AI services to spread itself, infect new systems and steal data. The name references the original Morris computer worm that wreaked havoc on the internet in 1988.The worm demonstrates the potential dangers of AI security threats and creates a new urgency around securing AI models.New worm utilizes adversarial self-replicating promptThe researchers from Cornell Tech, the Israel Institute of Technology and Intuit, used what’s…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature