Hello and welcome to the Wednesday, May 27, 2006 edition of the Sands Internet Storm Center's Stormcast.

My name is Johannes Ulrich, recording today from Jacksonville, Florida.

And this episode is brought you by the sands.edu credit certificate program in penetration

testing and ethical hacking. Well, let's start today with a little bit of different spin on

AI. In this case, it's actually, well, not really AI at all. It's just a fake clot AI download

page that is being used by attackers to install the ECR stealer.

ECR stealer has been around for a while. It's sort of your standard info stealer stealing credentials and the like.

Often also consider sort of a malware as a service where attackers will install it and then basis of provide also the malware

and the credentials to the actual organization behind these attacks.

Now, the organizations that are sort of renting or buying ECR Steelers, they have then to find

a way for users to actually install it.

And in this particular case, well, they went with Google Ads,

the good old and proven method to trick users to install software.

When you're searching for Cloud, you may actually end up with a malicious code,

in this case with the InfoSteeler.

The download page, well, the domain looks nothing like Cloud,

like the one that Brad found here is Fairpoint29.com,

but there are likely many others, similar ones out there as well.

But the looking feel of the page, of course,

does match the official claw page.

So unless someone looks at the URL, they may not necessarily notice that they are on a malicious page.

And Microsoft actually surprised late last week with a surprise update for SharePoint.

...