[FSec] Java Drive-by Generator

Nachrichtenbote
Ran across a quite interesting infection today. I visited a site that prompted me with a security warning about a "Microsoft" application from an unknown publisher. The site is actually pretending to be a Gmail Attachment Viewer. Microsoft+Gmail? Fail.

[Screenshot: google_attachment.PNG]

After allowing the application to run, it redirects to a Cisco Foundation invitation while downloading a malware binary in the background.

[Screenshot: cisco_invite.PNG]

The message also contains a malicious link that downloads the same malware. Perhaps to make sure that you really get infected.

Anyway, this infection is generated using the iJava Drive-by Generator, which apparently has been around for a while now.

The generator allows the attacker to use random names or specify their own preference for both the Java file and the dropped Windows binary.

[Screenshot: ijava_main.PNG]

iJava also keeps track of infections. Below is the data from the infection mentioned above:

[Screenshot: ijava_2ndpg.PNG]

This shows that, for this particular malware, the infection only started yesterday. So far there have been only 83 visits to the Java drive-by link.

And thankfully, he's not very successful (knock on wood):

[Screenshot: ijava_stats.PNG]

On 08/05/12 at 03:27 PM
