New Injection Campaign Peddling Rogue Software Downloads
A mass injection campaign has surfaced over the last two weeks that’s already compromised at least 40,000 web pages worldwide and is tricking victims into downloading rogue, unwanted software to their computer.
The campaign, dubbed GWload by researchers at Websense, relies on a Cost Per Action scam that convinces users into thinking the page they’ve navigated to has been locked and that they need a special version of VLC Player to open it.
A Cost Per Action scam is a social engineering ploy where the attacker locks content until a certain access is completed. In this case, attackers are using code to defeat browser-based ad-blocker software and then tricking users into downloading something they don’t need.