Update: Drive-by-download attack preparations using our labels (Greenbone and OpenVAS)

Related to the previous post about drive-by attacks using our label, there are some new details and additional variants of this attack method.
We currently see a lot of links being published on the World Wide Web whose titles claim that the content of the page or subdomain is about:
“OpenVAS Vs Nessus”
“Openvas Linux”
“Openvas Scan Windows”
“Openvas Port List”
The domains where these pages are hosted are rather unusual for technical or information security topics, which should be your first point of caution.
Second, in case you see a subdomain, the current situation indicates that the subdomains for this attack are built following this structure:
abcd.real-domain-name.cctld/“title”.html where title is as mentioned above.
abcd is a random combination of 4 alphabetical letters.
A quick check with VirusTotal of some of the URLs we have seen indicates that they are set up for spreading malware.
Please be cautious about those (sub)domains or pages, as already stated in our initial post.

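The URL structure described above can be turned into a triage filter for proxy or DNS logs. The following is an added example, not part of the original post or of any Greenbone tooling. The way spaces in the title are encoded in the URL and the two-letter test for a ccTLD are assumptions, and the hosts are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, unquote

# Lure titles listed in the post, lower-cased for comparison.
LURE_TITLES = {"openvas vs nessus", "openvas linux",
               "openvas scan windows", "openvas port list"}

# First label: exactly four letters; last label: two-letter ccTLD (assumption).
HOST_RE = re.compile(r"^[a-z]{4}\.(?:[a-z0-9-]+\.)+[a-z]{2}$")

def normalise_title(path):
    """Return the last path segment as a lower-case, space-separated title."""
    name = unquote(path.rsplit("/", 1)[-1]).lower()
    if not name.endswith(".html"):
        return None
    # Assumption: spaces may appear as %20, '+', '-' or '_' in the URL.
    return re.sub(r"[\s+_-]+", " ", name[:-5]).strip()

def score_url(url):
    """Return the list of indicators from the post that the URL matches."""
    parts = urlsplit(url if "//" in url else "//" + url)
    host = (parts.hostname or "").lower()
    hits = []
    if HOST_RE.match(host):
        hits.append("4-letter-subdomain-on-cctld")
    if normalise_title(parts.path) in LURE_TITLES:
        hits.append("lure-title")
    return hits

def triage(urls):
    """Keep URLs matching both indicators; these merit a reputation lookup."""
    return [u for u in urls if len(score_url(u)) == 2]

# Constructed sample URLs (example.* hosts are placeholders, not observed IoCs).
SAMPLE = [
    "http://qzkd.example.de/Openvas%20Port%20List.html",
    "http://wxyz.example.it/openvas-vs-nessus.html",
    "https://www.example.de/Openvas-Linux.html",
    "http://abcd.example.com/Openvas-Scan-Windows.html",
    "http://mnop.example.fr/about.html",
]

if __name__ == "__main__":
    for u in triage(SAMPLE):
        print("review:", u)
```

A match on both indicators is only a reason to look closer, for example with the VirusTotal check mentioned above; it is not a verdict on its own.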