The success of a malicious attack is determined by several factors including how well it is crafted and what its distribution channel is.
Over the years, we have seen different methods used by the bad guys to deliver their nasty payloads. Social engineering, the art of tricking people into doing certain things, always yields a pretty good return.
Of course, drive-by downloads, where simply browsing to a site results in your computer getting infected, are also a very popular technique.
To add to these two methods, there’s a third one that we could call extortion, where the end user has no other choice but to comply with the bad guys’ demands.
Did you ever wonder what it looks like when all these techniques are combined? Look no further:
Fake YouTube showing pornographic videos.
We discovered this legitimate website that had been compromised. It pretends to be YouTube, although you will (or should) never see such content on the real site since it is very explicit material.
Exploit kit authors must really love Java. Not only is it rife with vulnerabilities, but the language itself provides a great platform for writing and delivering malware in different ways. We are used to seeing encrypted payloads (XOR, AES) and applets that contain both the exploit itself and the binary payload. Today we will talk about yet another combination, which we nicknamed the “split”.
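The XOR-encoded payloads mentioned above are usually the easiest to recover: the key is often a single byte, and the dropped file is a Windows executable whose DOS header and stub text make a wrong key easy to reject. The script below is an added example, not code from the original post or from any exploit kit; it assumes a single-byte key and a PE payload (real samples may use longer keys or AES, in which case the decryption routine has to be reversed from the applet instead), and the applet "resource" it scans is constructed inline.

```python
"""Recover a single-byte-XOR-encoded Windows executable from an applet resource.

Added example (not from the original post). Assumptions: the key is one byte,
the hidden file is a PE, and it may sit at any offset inside the resource.
"""
from typing import Optional, Tuple

DOS_STUB = b"This program cannot be run in DOS mode"


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data with a repeating key; the operation is symmetric, so the
    same function both encodes and decodes."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def make_fake_pe() -> bytes:
    """Constructed stand-in for a dropped binary: it carries the 'MZ' magic,
    an e_lfanew pointer, the DOS stub text and the 'PE\\0\\0' signature, but
    no code, so it is safe to handle and small enough to embed here."""
    dos_header = b"MZ" + b"\x00" * 58 + (0x80).to_bytes(4, "little")  # e_lfanew = 0x80
    dos_stub = b"\x0e\x1f\xba\x0e\x00\xb4\x09\xcd\x21" + DOS_STUB + b".\r\n$"
    padding = b"\x00" * (0x80 - len(dos_header) - len(dos_stub))
    return dos_header + dos_stub + padding + b"PE\x00\x00" + b"\x00" * 32


def looks_like_pe(data: bytes, offset: int) -> bool:
    """True if a DOS header at `offset` points at a valid 'PE\\0\\0' signature
    and the stub text appears shortly after it.  Requiring all three cuts the
    false positives the 'MZ' bigram alone would produce: for any two bytes
    there is some key that decodes them to 'M','Z'."""
    if data[offset:offset + 2] != b"MZ" or len(data) < offset + 0x40:
        return False
    e_lfanew = int.from_bytes(data[offset + 0x3C:offset + 0x40], "little")
    pe_off = offset + e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\x00\x00":
        return False
    return DOS_STUB in data[offset:offset + 0x40 + 0x80]


def recover_embedded_pe(resource: bytes) -> Optional[Tuple[int, int, bytes]]:
    """Try every single-byte XOR key over the resource and return
    (key, offset, decoded_bytes_from_offset) for the first plausible PE.
    Key 0x00 is included, so an unencoded binary is reported as well."""
    for key in range(256):
        decoded = xor_bytes(resource, bytes([key]))
        start = 0
        while (pos := decoded.find(b"MZ", start)) != -1:
            if looks_like_pe(decoded, pos):
                return key, pos, decoded[pos:]
            start = pos + 1
    return None


# Constructed resource: a few header bytes in front of the encoded binary,
# mimicking a payload appended to a data file inside the applet's JAR.
SAMPLE_KEY = 0x5A
SAMPLE_PREFIX = b"JARDATA\x00\x01\x02"
SAMPLE_RESOURCE = SAMPLE_PREFIX + xor_bytes(make_fake_pe(), bytes([SAMPLE_KEY]))


if __name__ == "__main__":
    result = recover_embedded_pe(SAMPLE_RESOURCE)
    if result is None:
        print("no single-byte-XOR PE found; try a longer key or reverse the decryptor")
    else:
        key, offset, pe = result
        print(f"key=0x{key:02x} offset={offset} recovered={len(pe)} bytes")
```

On a real sample you would replace `SAMPLE_RESOURCE` with the bytes of the suspicious file pulled out of the JAR and write the recovered slice to disk for further analysis; if the search comes back empty, the payload is most likely using a multi-byte key or AES and the applet's decryption code has to be read directly.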
As researchers find more security flaws in Oracle Java, the software continues to be used for exploitation and malware delivery. This year has had a shaky start for the cross-platform web technology, with so many documented vulnerabilities that they are hard to keep count of.
If you recall, in January we saw a zero-day later found to be responsible for intrusions into companies like Microsoft, Apple, Facebook, and Twitter. Then in February, after a Java patch with over 50 security fixes, reports surfaced that Bit9 was hacked using a separate Java zero-day. And in March, an emergency patch was issued to address even more vulnerabilities.
Because we’re seeing Java used more in malware, it’s important for researchers to know how to analyze and understand Java code.