Author Topic: Trojan Distributed in New Mass Injection Attack via Java Downloader  (Read 2574 times)

0 Members and 1 Guest are viewing this topic.

malcontent

  • Guest
http://news.softpedia.com/news/Trojan-Distributed-in-New-Mass-Injection-Attack-via-Java-Downloader-174971.shtml
Quote
Security researchers warn that a new mass injection attack is underway directing the visitors of hundreds of websites to a malicious Java applet which downloads a trojan.

According to Denis Sinegubko, the creator of the Unmask Parasites Web scanner, the malicious code is added at the end of HTML pages on compromised websites and takes the form of an obfuscated JavaScript function.

When parsed by the browser, this function adds a rogue IFrame to the HTML document, which loads a new.htm page from aubreyserr.com, medien-verlag.de or yennicq.be.

According to statistics from Google's Safe Browsing service, around 2,000 websites link to these domains, giving a rough estimation of the attack's impact so far.

The page called by the IFrame loads a Hidden.jar applet deceptively titled "Java Update." This is a Java OpenConnection-type downloader whose only purpose is to download and execute a file called host.exe.

The three domains serving the malware are actually legitimate, but their corresponding websites have been compromised.

Offline danny96

  • Malware Fighter
  • Advanced Poster
  • **
  • Posts: 668
  • No-malware!
Re: Trojan Distributed in New Mass Injection Attack via Java Downloader
« Reply #1 on: December 30, 2010, 09:15:59 AM »
so be careful  :o
hope avast will detect it as soon as will can!
Real-time protection and Firewall: COMODO Internet Security 12.0.0.6810 -- Additional Protection: Web Of Trust, Ublock, NoScript, Malwarebytes Premium, Avast! Online Security, Hitman Pro -- OS: Windows 10

Gargamel360

  • Guest
Re: Trojan Distributed in New Mass Injection Attack via Java Downloader
« Reply #2 on: December 30, 2010, 09:17:01 AM »
Thanks.

Should have posted it here, though>>http://forum.avast.com/index.php?topic=52252.0

Online DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 88140
  • No support PMs thanks
Re: Trojan Distributed in New Mass Injection Attack via Java Downloader
« Reply #3 on: December 30, 2010, 04:52:05 PM »
The web shield is generally all over these hacked sites and obfuscated javascript like a rash, much more accurate than anything I've seen as this frequently shows in virustotal results.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 23.9.6082 (build 23.9.8494.792) UI 1.0.781/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security