Equifax official site promotes adware

Another Equifax fatal mistake

Equifax company IT experts should take courses on cybersecurity

Speaking of Equifax, it has extremely rotten luck. In fact, the word “luck” may not be used at all when it comes to the continuous misfortunes descended on this American credit reporting agency. Apart from the breach, a while ago, the company was directing users to a phishing scam instead of their genuine website. While it seemed it cannot get worse, security specialists have discovered that the official site of Equifax was promoting a malicious Adobe Flash Player update.

Going down in flames

While the media still speculate about 143 million American as well as 400 000 British users’ personal data leak, and the causes of the incident, Equifax has another bad news to report. On October 11, IT expert Dan Goodin discovered deceptive behavior in the main Equifax website.[1] While surfing through its pages, users might have been redirected to an external site promoting malicious Adobe Flash Player.

Activating it would download malware identified as “adware.Eorezo.” It would later result in the surplus of commercial pop-ups. Fortunately, several hours after the publication of Randy Abrams’ documentation of the deceptive behavior, the company eliminate the malicious script from the website.

A streak of bad luck?

It seems that Equifax still cannot escape the loop of misfortune. Earlier this month, the name of this company was escalated again after IT experts revealed that Equifax was actually promoting a phishing site instead of their www.equifaxsecurity2017.com.

As Sophos[2] researchers point out, it would have been a much wiser decision to create a subdomain to the original equifax.com domain. Let alone the fact that it would have been more convenient for users, it would have decreased the possibility of another malicious exploit.

Unfortunately, Equifax did not come to such conclusion. Perhaps due to the intention to improve its tarnished reputation after the breach, they set up the website for customers to check whether their data has been leaked.

However, cyber villains would exploit such mistake and create an almost identical site but the malicious one. Luckily, security expert Nick Sweeting was quicker. He set up securityequifax2017.com. All seemed fine and dandy, except the fact that it was a fake site. It was promoted in the official Equifax tweets. Surprisingly, messages containing the wrong link has been tweeted for three weeks.

The data breach sparks too many questions

The scale of a data breach was indeed massive affecting not only millions of US citizens but UK customers as well. Naturally, the incident attracted the Federal Trade Commission attention. Equifax admitted that the fault lies in Apache Struts CVE-2017-5638 vulnerability.[3]

However, the company failure to update the application on time triggers more speculations. Furthermore, the analysis revealed that Equifax servers were hacked already in March[4]. The question why the company did not notify its clientele about the incident also remains unanswered.

Taking a look back several months ago, M.E.Doc company responsible for WannaCry outbreak also “forgot” to apply security updates. Equifax, managing such amount of personal data, did not learn anything from the mistakes of the former company. The final question arises, whether the hackers responsible for Equifax data breach succeeded in the misdeed without the assistance from “inside.”

About the author
Julie Splinters
Julie Splinters - Anti-malware specialist

Julie Splinters is the News Editor of 2-spyware. Her bachelor was English Philology.

Contact Julie Splinters
About the company Esolutions