2017-12-19 - QUICK POST: EITEST HOEFLERTEXT POPUPS OR FAKE ANTI-VIRUS PAGES
NOTICE:
- The zip archives on this page have been updated, and they now use the new password scheme. For the new password, see the "about" page of this website.
ASSOCIATED FILES:
- Zip archive of the pcaps: 2017-12-19-EITest-campaign-2-pcaps.zip 3.5 MB (3,512,979 bytes)
- Zip archive of the malware and associated artifacts: 2017-12-19-EITest-campaign-malware-and-artifacts.zip 460.5 kB (460,508 bytes)
NOTES:
- "EITest" is a long-running campaign that formerly used exploit kits to distribute malware.
- Earlier this year, EITest turned to different methods like HoeflerText popups or fake anti-virus pages pushing tech support scams.
- In September 2017, Palo Alto Networks published a Unit 42 blog I wrote about HoeflerText popups that EITest uses to distribute malware.
- Today's diary is almost a repeat of traffic seen last week on 2017-12-12.
Shown above: Current flow chart for activity by the EITest campaign.
Shown above: When using Google Chrome.
Shown above: When using Internet Explorer.