Hello, welcome to the Thursday, February 14th, 2019 edition of the Sandcent, Storm Center's

Stormcast. My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida.

Brad looked at a recent example of one of these fake update campaigns, and you probably have seen

them. I actually personally

consider them the most dangerous type of malware that you usually see against

Max being used. Now works against Windows 2 and the attack that Brad looked at here

was targeting Windows at least when he pulled it up,

even though I've seen them sort of adapt their lure based on what operating system and what browser use to actually visit the site.

The way they work is that a website gets compromised and is then being used to advertise

these fake updates.

They can get quite sophisticated in the way they look.

They try to emulate the real update notifications as much as possible.

Now the example that Brad here has is Chrome. I've seen quite a few

fake updates in particular again against a Mac OS users that advertise updates for Flash.

So take a look at it and look at some of the traffic patterns that Brad describes. Now he mentions that this particular

case that he looked at was a little bit unusual in that it still used HTTP. Many of these campaigns

are now using HTTP, which of course makes detection a bit more complex.

Well, in talking about fake installers and Mac OS, Carbon Black actually has a write-up about

one that they recently ran into.

It's a variant of Schlayer.

Now, Schlaher has been around since at least a year or so ago, Intego

has written about it, but this new variant adds a couple new tricks sort of to its repertoire.

...