Add to favourites
News Local and Global in your language
21st of October 2017


Adware Hits Equifax Website

Generic Security/Hacking

Credit reporting agency Equifax already earned its place in the history books for a "cybersecurity incident" that impacted more than half of all adult Americans. Names, Social Security numbers, birth dates, addresses, and driver's license numbers were all exposed through the company's website.

This week, it seemed the Equifax site was compromised yet again. As Ars Technica reports, for several hours on Oct. 11, anyone visiting the Equifax website may have been presented with a Flash Player update prompt. It was fake, and installed adware (specifically Adware.Eorezo). Independent security analyst Randy Abrams discovered the hack and managed to trigger it several times yesterday.

Here's a video showing how the malicious Flash Player update prompt appears while browsing the site:

[embedded content]

The situation was made worse because only three antivirus providers (of 65) detected the adware being used and offered protection (Panda, Symantec, and Webroot). Everyone else was left with an infected machine or domains flagged as suspicious by security suites.

In a statement, Equifax said "its systems were not compromised and that the reported issue did not affect our consumer online dispute portal.

"The issue involves a third-party vendor that Equifax uses to collect website performance data, and that vendor's code running on an Equifax website was serving malicious content," Equifax continued. "Since we learned of the issue, the vendor's code was removed from the webpage and we have taken the webpage offline to conduct further analysis."

Editor's Note: This story was updated at 4:45 p.m. ET with comment from Equifax.

Read More

Leave A Comment

More News Breaking News



FOX News




Disclaimer and is not the owner of these news or any information published on this site.