Java Drive-by Doubles Effort

Thursday, May 17, 2012 @ 05:05 PM gHale


A malware delivery campaign that makes two attempts at infecting each visitor, to raise the odds that the victim ends up compromised, is under way.

It is hosted on a website posing as a “Gmail Attachment Viewer,” which tries to get the visitor to run the application it offers, said F-Secure researchers.


The pop-up warning from Windows identifies it as a “Microsoft” app, but also says the app’s digital signature cannot be verified and that its publisher is “Unknown.”

If the user chooses to run the app anyway, he is shown a Cisco Foundation invitation to attend a conference, while the download and silent installation of a malicious binary proceed unnoticed in the background.

The message contains an embedded link that, if clicked, again tries to download the same malware.

The researcher does not say what type of malware ends up on the victim’s machine, but the infection was generated with the iJava Drive-by Generator:

“The generator allows the attacker to use random names or specify their own preference for both the Java file and the dropped Windows binary,” the researcher said, pointing out that the tool also reports back to the attackers how many infections the delivered malware achieved.
