Home » Blog » equifax-redirecting-to-fake-updates

Equifax Website Caught Redirecting Visitors to Fake Flash Updates

November 7, 2017

Of late, the going has been tough for national credit rating bureau, Equifax, as well as its customers - most of us! In September of this year, the company revealed a security breach that took place in May and exposed personal information (Social Security Numbers, names and other details) of around 145.5 million Americans and 15.2 million individuals from the UK. Now the company is in the news again with a security researcher spotting an ad campaign spreading malware from the company’s website.

On Wednesday, October 11, Randy Abrams, an independent researcher, spotted malicious ads on the Equifax website designed to trick visitors into installing a fake Adobe Flash update. Mr. Abrams had visited the site with the intention of contesting recent suspicious activity on his credit report; but, when he noticed the malware, he decided to investigate further. After being redirected to the fraudulent Flash website, he downloaded the malicious payload being offered. An initial scan conducted on the file with VirusTotal showed that only three security apps – Symantec, Panda and Webroot, were able to identify it as malicious.

Referred to as Adware.Eorezo by Symantec, the malware wasn’t very dangerous – all it did was inject ads into Internet Explorer browser windows. In fact, according to Symantec, variants of this virus have been existent on the Web since 2012. However, most of Equifax’s customers remain puzzled by one question – how did malicious advertising (or “malvertising”) infiltrate the Equifax website?

If truth be told, companies like the New York Times, Yahoo and AOL have all had to deal with this sort of malware at some point or another. Usually cybercriminals who unleash these kinds of attacks first look for popular websites to target and then hunt for weaknesses in their advertising code. It is worth noting that, in most cases, the vulnerable code, as well as the entire advertising system, belongs to a third-party provider, and not to the actual website.

The same proved to be the case for Equifax. When approached for an official comment, the company declared that its systems were not compromised and that the issue had no effect on the bureau’s consumer online dispute portal. Equifax stated that the matter involved a third-party vendor that it had employed to collect website performance data, and it was really the vendor’s code running on the credit bureau’s website that served the malicious content. Once Equifax learned of the issue, it removed the vendor’s code from the webpage and took it offline to conduct further analysis.

Thus, it would perhaps not be fair to blame Equifax for this entire fiasco. Having said that, it cannot be denied that the company should take preventive measures of its own and further encourage its online partners to identify and fix any shortcomings in their security systems. Given that the information stored by the company is extremely sensitive, it should take all steps possible to protect its customers.

$50,000 - $250,000 at 0% Interest:

At Fund&Grow, we help clients with good credit obtain as much as $250,000 of unsecured credit at 0% interest. This amount is available for a period of 6, 12 or 18 months and can be used for anything from financing a small business to providing down payment on a property. Interested? Call us at (800) 996-0270 and we’ll get you started immediately!


Ari Page Ari Page is the CEO of Fund&Grow. He resides in Spring Hill, Florida with his wife and two children.

Connect with Ari: linkedin-small-inline-connect-with-ari facebook-small-inline-connect-with-ari Ari Page on Twitter Ari Page on YouTube