Skip to main content

Security Alert: The Washington Free Beacon Serving up Malware via Drive-by-Download

June 10, 2013

With last week’s revelation concerning the National Security Agency’s (NSA) data mining and storage of all Verizon customers’ phone call metadata, the web is ablaze with large media outlets covering the story.

Security software company Invincea has discovered that an article about the issue on The Washington Free Beacon’s website is actively re-directing Internet users to a drive-by-download site (a site visited by a user or that a user is re-directed to that downloads malicious software without the user’s knowledge). Invincea states that the compromises are occurring to a java-based exploit kit. The exploit kit has been identified as the Fiesta EK.

Invincea further notes that their analysis has determined an “almost zero detection by the anti-virus vendors because while the toolkit and exploit method may be the same, [as previously disclosed breaches] the signatures are varied with each new campaign or iteration.”

FishNet Security recommends that you ensure your Java environment is fully patched and up-to-date to assist in prevention of this exploit. Additionally, if you discover an infected system, it is recommended that the system have network connectivity removed and a new OS image be loaded.

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.


Privacy Policy

RELATED INSIGHTS

July 21, 2015

Network Security Solutions

Learn how we help protect your environment while maintaining connectivity.

See Details

January 26, 2018

Identity and Access Management Solutions

We help you minimize risk and maximize efficiency with our IAM solutions.

See Details

July 21, 2015

Data Security Solutions

Learn how we can help secure your date throughout its lifecycle.

See Details

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.

Subscribe

Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cyber security Events in your area.