Tag Archive for: Ask.com

Ask.com serves as a conduit for malware – again

/in

Businesses that allow the Ask.com toolbar in their environments might want to rethink that after endpoints equipped with the browser add-on were compromised last November and then again the very next month using pretty much the same attack methods.

In both cases attackers managed to infiltrate the Ask.com updater infrastructure to the point that they used legitimate Ask signing certificates to authenticate malware that was masquerading as software updates.

And in both cases Ask Partner Network (APN), which distributes the Ask.com toolbar, told the security vendors who discovered the incidents that it had fixed the problem. The first one was discovered by security vendor Red Canary, and the second was caught by Carbon Black, whose researchers just wrote about it in their company blog.

To read this article in full or to leave a comment, please click here

Network World Tim Greene

Attacks to make Ask.com Toolbar a conduit for malware are nipped in the bud

/in

Attackers who were trying to turn the Ask.com Toolbar into a malware dispensary got caught early on when their scheme was picked up by security services that were looking for anomalies.

The malicious actors are unknown but they managed to get the legitimate Ask.com toolbar update feature to place a dropper/uploader into the browsers of several customers of security firm Red Canary.

Once installed, the dropper would bring in secondary malware including banking Trojans and other online-fraud code, says Keith McCammon, CSO of Red Canary. The secondary payloads varied, and some of the dozen or so compromised machines his team found had downloaded more than one kind, he says.

To read this article in full or to leave a comment, please click here

Network World Tim Greene

For Ask.com, Foray Into Social Search Points to Mobile (Liz Gannes/NetworkEffect)

/in

Liz Gannes / NetworkEffect:
For Ask.com, Foray Into Social Search Points to Mobile  —  Ask.com is in the process of reformulating itself, having dropped its algorithmic search offering and laid off 150 employees in November.  The company is billing the changes, which came after a community Q&A launch in July …

Read more