Il distributore belga reinderizzava al sito creato appositamente, quello italiano possedeva direttamente la copia infetta.
Quote:
To trap victims, the attackers built fraudulent websites. In one instance, they transposed two letters in a domain name to fool customers into thinking it was a legitimate installer site for WinRAR software. They then placed a prominent link to this malicious domain on a WinRAR distributor site in Belgium in order to lead unsuspecting users to their poisoned installer. Kaspersky Lab first detected a successful redirection on May 28th, 2016.
At almost the same time, on May 24th, Kaspersky Lab began to spot activity on an Italian WinRAR distributor site. In this instance, however, users were not redirected to a fraudulent website, but were served the malicious StrongPity installer directly from the distributor site.
StrongPity also directed visitors from popular software-sharing sites to its trojanized TrueCrypt installers. This activity was still ongoing at the end of September.
The malicious links from the WinRAR distributor sites have now been removed, but at the end of September the fraudulent TrueCrypt site was still up.
|
http://usa.kaspersky.com/about-us/pr...eat_StrongPity