Hackers and hacktivists are using defaced websites to infect unaware visitors with malware. The malware allows the hackers to control the infected device. The AnonGhost hackers are using their defaced websites to build a botnet by infecting unaware visitors. In an earlier report we reported that the AnonGhost hackers will be able to hit targets faster because Mauritania Attacker has gone active again.
“Mauritania Attacker” is a member of the AnonGhost team and is capable of organizing operations such as #opGov, #opUSA, #opIsrael and #opPetrol. These operations are often followed by various Islamic and Middle Eastern hacking teams.
The AnonGhost team alone has the capability to deface at least 100 websites each day. Just imagine 100 websites serving malicious code to unaware users, daily!
This allows any operator to control a massive botnet within a couple of days. I have also reported that Facebook scammers will use this method to earn EXTRA online revenue. The Facebook scams are capable of hitting thousands of unaware users daily.
Zscaler reported that members of AnonGhost are using the Dokta Chef Exploit Kit (EK).
The Dokta Chef EK was serving a malicious payload for a recently disclosed Microsoft vulnerability, CVE-2014-6332, which causes remote code execution when the user visits a specially crafted webpage using Internet Explorer (IE).
The Zscaler report goes on to list the infected domains.