“…The latest discovery was made by Kaspersky Lab, which received reports of a malware attack hitting a common Java vulnerability (CVE-2011-3544) on Russian Web sites, but without appearing to drop any files in order to instigate a conventional Trojan attack.

In fact, the attack turned out to run JavaScript from an iFrame embedded on an infected Web site, injecting its encrypted .dll payload directly into the Javaw.exe process.

The purpose of the unusual malware appears to be … to act as a ‘pathfinder’, setting up a bot to communicate with a command and control server from which it can receive instructions, including one to install the Lurk data-stealing Trojan on the infected PC.

…The disadvantage of this attack is that the user can clear it from memory by restarting the machine, in which case a new infection would be required. In return for this inconvenience, it is extremely hard to detect. No files are written and, at first at least, no files are changed on the target PC. If the exploit being targeted is unpatched, then security programs will not pick it up easily.

The use of Java also makes it multi-platform, able to target PCs, Macs and Linux computers…”

Full Story: http://www.itbusiness.ca/it/client/en/home/News.asp?id=66644

