What is a Browser Redirect?
A redirect is a way of sending someone from one website to another. For example, if you wanted people who land on your website's homepage to go to a different page instead, you could set up the homepage link to redirect them. It would act like a bookmark, and they would end up at your desired page after clicking the home link.
A redirect can be used for many purposes. It cannot be used, however, to change a URL. It can only redirect people to another website or webpage. Here are some ways in which you might want to use some type of redirect:
While redirects can be a useful tool for website owners, they are regularly used by threat actors to trick people into visiting compromised web pages. One example of this is the Buffstream.stream Redirect.
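As an added example (not part of the original article), the sketch below traces a redirect chain through captured responses without visiting any site, and flags each hop that moves the visitor to a different host. The function names next_hop and trace and the example.* hosts in the sample capture are constructed for illustration.

```python
import re
from urllib.parse import urljoin, urlsplit

# Matches <meta http-equiv="refresh" content="0; url=..."> in HTML bodies.
META_REFRESH = re.compile(
    r'<meta[^>]+http-equiv=["\']?refresh["\']?[^>]*content=["\']?\s*\d+\s*;\s*url=([^"\'>\s]+)',
    re.IGNORECASE,
)

def next_hop(url, status, headers, body=""):
    """Return (mechanism, absolute_target) if the response redirects, else None."""
    headers = {k.lower(): v for k, v in headers.items()}
    if 300 <= status < 400 and "location" in headers:
        return ("http-%d" % status, urljoin(url, headers["location"]))
    if "refresh" in headers:
        m = re.search(r"url=(\S+)", headers["refresh"], re.IGNORECASE)
        if m:
            return ("refresh-header", urljoin(url, m.group(1)))
    m = META_REFRESH.search(body)
    if m:
        return ("meta-refresh", urljoin(url, m.group(1)))
    return None

def trace(start, responses, max_hops=10):
    """Follow redirects through a dict of captured responses; flag host changes."""
    chain, url, seen = [], start, set()
    while url in responses and url not in seen and len(chain) < max_hops:
        seen.add(url)
        hop = next_hop(url, *responses[url])
        if hop is None:
            break
        mechanism, target = hop
        cross_site = urlsplit(url).hostname != urlsplit(target).hostname
        chain.append((mechanism, target, cross_site))
        url = target
    return chain

# Constructed sample capture (example.* hosts are placeholders, not real indicators).
SAMPLE = {
    "http://site.example/": (302, {"Location": "/home"}, ""),
    "http://site.example/home": (200, {}, '<meta http-equiv="refresh" content="0; url=http://ads.example.net/win">'),
    "http://ads.example.net/win": (200, {"Refresh": "3; url=http://prize.example.org/claim"}, ""),
    "http://prize.example.org/claim": (200, {}, "<html>landing page</html>"),
}

if __name__ == "__main__":
    for mechanism, target, cross_site in trace("http://site.example/", SAMPLE):
        print(mechanism, target, "CROSS-SITE" if cross_site else "same-site")
```

A chain with several cross-site hops that ends on a page unrelated to the site originally requested is the pattern worth investigating.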
What is the Buffstream.stream Redirect?
The Buffstream.stream redirect is a browser-based attack that redirects victims to a malicious website without their knowledge. Once victims log in to the malicious site, typically with their social login credentials, attackers take over the victim's browser and use it to carry out an assortment of online scams. A typical scam using the Buffstream.stream redirect sends the victim to a fake lottery page, which can result in serious financial loss.
Note that we are only talking about browser-based attacks; smart TVs, tablets and other remote control devices are not affected by this type of threat.
How does the browser redirection work?
There are different types of browser-based malware that use browser redirection. All of them rely on the fact that most users don't realize that, once they log into a web-based application (e.g. a social media site) with their Internet browser, their credentials can be stolen by attackers to circumvent any remote access security controls set up for those applications.
In the case of the Buffstream.stream redirect, a malicious website exploits a vulnerability in Internet Explorer to abuse Remote Desktop Protocol (RDP) and hijack the security context of other users on the same network. Once established, attackers may take over another user's browser and redirect them to their malicious website. This can make it easier for attackers to commit bank fraud, steal money or install other types of malware on victims' computers via their browsers.
Following the discovery of the vulnerability, Microsoft released a patch to fix it. However, if you are running an outdated version of Internet Explorer that does not support updates (version 10 or older), you are still vulnerable to this attack. This means that anyone who has not updated their browser since 2014 is still vulnerable.