FireEye report gets it mostly right

We have been reading through recent reports on DNS hijacking and misdirection from FireEye, DHS and other vendors. One often overlooked area that these reports do not mention is the CDN vulnerabilities we have been talking about for a while now. Just this week we noted reporting on the Linux Package Manager as well as other updaters such as VLC player. We have been observing actual attacks on these platforms for quite some time: DNS redirection (sinkholing) is used to send users who request application updates to malicious sites that push infected code. Another problem is that many of these applications pull content from Content Delivery Networks, which are being injected with malicious copies of the requested programs, so malware is sent along with the updated software versions.

We started looking at Portable Apps installations as one area where we observed many applications updating over HTTP, and we have posted previous guidance on how to verify these installations through known hashes.
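The known-hash check mentioned above, as an added example (not code from the earlier guidance or from any vendor): a Python script that compares downloaded installers against a sha256sum-style manifest. The file names and sample bytes are constructed, and the manifest is assumed to come from a trusted channel separate from the download itself.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large installers are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def parse_manifest(text):
    """Parse sha256sum-style lines: '<hex digest>  <filename>' ('*' marks binary mode)."""
    known = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, name = line.split(None, 1)
        known[name.lstrip("*")] = digest.lower()
    return known

def verify_dir(directory, known):
    """Return {filename: 'ok' | 'MISMATCH' | 'missing' | 'unlisted'}."""
    directory = Path(directory)
    results = {}
    for name, expected in known.items():
        p = directory / name
        if not p.is_file():
            results[name] = "missing"
        else:
            results[name] = "ok" if sha256_file(p) == expected else "MISMATCH"
    # Files with no manifest entry cannot be vouched for; report them as well.
    for p in directory.iterdir():
        if p.is_file() and p.name not in known:
            results[p.name] = "unlisted"
    return results

def demo():
    """Constructed sample: one intact file, one altered, one absent, one unlisted."""
    with tempfile.TemporaryDirectory() as d:
        good = b"constructed installer bytes"
        Path(d, "app_setup.exe").write_bytes(good)
        Path(d, "updater.exe").write_bytes(b"altered copy")
        Path(d, "extra.dll").write_bytes(b"x")
        manifest = (f"{hashlib.sha256(good).hexdigest()}  app_setup.exe\n"
                    f"{hashlib.sha256(b'original updater').hexdigest()}  updater.exe\n"
                    f"{'0' * 64}  absent.exe\n")
        return verify_dir(d, parse_manifest(manifest))

if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print(f"{status:9} {name}")
```

A manifest fetched over the same HTTP or CDN path as the installer offers no protection, since whoever altered the download can alter the hashes too.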

While we appreciate the DNS bulletin, customers on some ISPs are seeing this occur more often depending on what IP address space is making the request. The same technology used to sinkhole malicious traffic is now being weaponized to infect unsuspecting end users.

You can read earlier blog postings about this issue.



© 2017-2018 Jigsaw Security Enterprise Inc.
