Equifax website hacked again, Malware found in fake flash player update

  • Twitter
  • Facebook
  • Google+
  • Pinterest

Equifax is a consumer credit reporting agency. It is responsible for collecting aggregate information of over 800 million consumers and more than 80 million businesses worldwide. It is one of the oldest and largest agencies in the world and was started in 1899.

According to a recent news by Ars Technica, it seems like Equifax lacks when it comes to security as the website has been hacked. A security analyst by the name of Randy Abrams spotted a malicious software on the company’s website, which is commonly known as adware.

An adware is a type of malware which displays unwanted advertisements to the user of a computer when online. These advertisements mostly appear in a form of pop-up window which sometimes can not even be closed.

This adware penetrates into your computer by malware infested links. It can just appear as a download file that you need in order to fix your computer or an update to an existing software on your computer. Be that as it may, tap on the connection or the link, and blast – your PC is contaminated. This technique is used by many hackers, they hack a few pages on a site and insert malicious software in it.

A similar thing happened with Equifax.com, visitors were being redirected hxxp:centerbluray.info where a pop up appears showing a flash update, this isn’t actually a flash update instead it tricks people into downloading what Symantec identifies as Adware.Eorezo. This malware once installed will flood internet explorer or some browsers with unwanted advertisements.

Image by Ars Technica

This malicious software was first reported by Abrams when he visited equifax.com and tried to contest a false information on his credit report.

The company took notice of it and cleaned up the adware downloader and the site even went offline for few days for further analysis. The company says that the IT experts and security analyst are looking into the problem and they will share more information once it becomes available.

According to an Equifax Representative:

“Despite early media reports, Equifax can confirm that its systems were not compromised and that the reported issue did not affect our consumer online dispute portal.

The issue involves a third-party vendor that Equifax uses to collect website performance data, and that vendor’s code running on an Equifax website was serving malicious content. Since we learned of the issue, the vendor’s code was removed from the webpage and we have taken the web page offline to conduct further analysis.”

This is not the first time that this website was hacked, once personal information about 143 million Americans was compromised due to a software flaw that could have been fixed well before the theft happened

These adwares can not be completely stopped as this all works on complex algorithms. However, to be safe one must look out while clicking a link and avoid downloading files from unknown sources. You must also install a well known antivirus and keep it updated.

Leave a Reply

Your email address will not be published.
Required fields are marked *