The crimeware industry keeps growing, and with it the underground market for web applications that seek to automate the infection process through the exploitation of vulnerabilities.
This time the offering is called JustExploit. It is a new exploit pack of Russian origin with a feature that crimeware developers are increasingly taking into account: the exploitation of vulnerabilities in Java. That is, in addition to exploiting known vulnerabilities in MDAC and in PDF files, it exploits Java on every computer that has the runtime installed.

The screenshot of the statistics module (Intelligence) clearly shows that this application is controlling a large number of computers running different browsers and different operating systems, among them the famous Windows Seven.
Another interesting fact that emerges from this module is the high effectiveness of the Java exploit, which has an even greater success rate than the other two vulnerabilities (MDAC and PDF).
Through an obfuscated script in a file named “index.php”, JustExploit tries to run three exploits, for the vulnerabilities CVE-2008-2992, CVE-2009-0927 and CVE-2008-5353. Part of the script is shown here.

Among the files downloaded is the Java component, called “sdfg.jar”, which has a low detection rate: according to VirusTotal, only 15 of 41 antivirus engines detect it.
In addition, the kit downloads the following malicious files (which, for the moment, also have a very poor detection rate):
- example.pdf 8/41 (19.51%)
- annonce.pdf 7/41 (17.07%)
- load.exe 25/41 (60.98%)
This activity has been In-the-Wild for a relatively short time and is a dangerous attack vector that botmasters are actively using with, as we have seen, striking effectiveness.
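The infection chain described above (an index.php landing page, then the Java archive, the PDF documents and finally the executable, all served to the same client within seconds) is also a detectable pattern on the network side. The following is an added example, not code from the original post: a small Python script that groups proxy-log requests by client and server host, looks for a landing page followed within a short window by a Java or PDF stage and an executable download, and reports the client operating system from the User-Agent, much like the kit's own statistics module does. The log format and the host names are constructed for this example.

```python
"""Flag drive-by exploit-kit download chains in a proxy log.

Added example modelled on the JustExploit chain (landing page -> .jar / .pdf
-> .exe). The log lines and host names below are constructed for this example.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Constructed sample log: "timestamp client method url status content-type user-agent"
SAMPLE_LOG = """\
2010-05-04T10:00:01 10.0.0.5 GET http://landing.example.invalid/index.php 200 text/html Mozilla/5.0 (Windows NT 6.1) Firefox/3.6
2010-05-04T10:00:02 10.0.0.5 GET http://landing.example.invalid/sdfg.jar 200 application/java-archive Mozilla/5.0 (Windows NT 6.1) Firefox/3.6
2010-05-04T10:00:03 10.0.0.5 GET http://landing.example.invalid/example.pdf 200 application/pdf Mozilla/5.0 (Windows NT 6.1) Firefox/3.6
2010-05-04T10:00:04 10.0.0.5 GET http://landing.example.invalid/annonce.pdf 200 application/pdf Mozilla/5.0 (Windows NT 6.1) Firefox/3.6
2010-05-04T10:00:06 10.0.0.5 GET http://landing.example.invalid/load.exe 200 application/octet-stream Mozilla/5.0 (Windows NT 6.1) Firefox/3.6
2010-05-04T10:05:00 10.0.0.7 GET http://docs.example.invalid/report.pdf 200 application/pdf Mozilla/5.0 (Windows NT 5.1) MSIE 8.0
2010-05-04T10:30:00 10.0.0.7 GET http://files.example.invalid/setup.exe 200 application/octet-stream Mozilla/5.0 (Windows NT 5.1) MSIE 8.0
"""

WINDOW = timedelta(seconds=120)  # how long after the landing page the stages may follow

# (stage name, URL path suffixes, Content-Type values) in evaluation order
STAGE_RULES = (
    ("landing", (".php", ".html", ".htm"), ("text/html",)),
    ("java", (".jar",), ("application/java-archive",)),
    ("pdf", (".pdf",), ("application/pdf",)),
    ("binary", (".exe",), ("application/octet-stream", "application/x-msdownload")),
)

# Minimal User-Agent token -> OS mapping (Windows NT 6.1 is Windows 7)
OS_FROM_UA = {
    "Windows NT 6.1": "Windows 7",
    "Windows NT 6.0": "Windows Vista",
    "Windows NT 5.1": "Windows XP",
}


def parse_line(line):
    """Split one constructed log line into a record; the User-Agent keeps its spaces."""
    ts, client, method, url, status, ctype, ua = line.split(None, 6)
    return {
        "ts": datetime.fromisoformat(ts),
        "client": client,
        "method": method,
        "url": url,
        "status": int(status),
        "ctype": ctype,
        "ua": ua,
    }


def classify(rec):
    """Map a request to a chain stage by URL suffix or Content-Type, else None."""
    path = urlparse(rec["url"]).path.lower()
    for stage, suffixes, ctypes in STAGE_RULES:
        if path.endswith(suffixes) or rec["ctype"] in ctypes:
            return stage
    return None


def guess_os(ua):
    """Best-effort OS name from the User-Agent string."""
    for token, name in OS_FROM_UA.items():
        if token in ua:
            return name
    return "unknown"


def find_chains(log_text, window=WINDOW):
    """Return one finding per (client, host) landing hit that is followed, within
    `window`, by an exploit stage (java or pdf) and an executable download."""
    sessions = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec["status"] != 200:
            continue
        stage = classify(rec)
        if stage is None:
            continue
        rec["stage"] = stage
        host = urlparse(rec["url"]).netloc
        sessions[(rec["client"], host)].append(rec)

    findings = []
    for (client, host), recs in sessions.items():
        recs.sort(key=lambda r: r["ts"])
        for i, start in enumerate(recs):
            if start["stage"] != "landing":
                continue
            seen = {"landing"}
            for follow in recs[i + 1:]:
                if follow["ts"] - start["ts"] > window:
                    break
                seen.add(follow["stage"])
            # Landing page + (Java applet or PDF) + executable payload = suspected kit
            if "binary" in seen and seen & {"java", "pdf"}:
                findings.append({
                    "client": client,
                    "host": host,
                    "landing": start["url"],
                    "stages": sorted(seen),
                    "os": guess_os(start["ua"]),
                })
    return findings


if __name__ == "__main__":
    for f in find_chains(SAMPLE_LOG):
        print(f"{f['client']} ({f['os']}) <- {f['host']}: stages {f['stages']}")
```

Only the first client is reported: the second one fetches a PDF and an executable from unrelated hosts half an hour apart, with no landing page, so it never forms a chain. Matching on both the URL suffix and the Content-Type matters because kits routinely serve payloads from extensionless PHP handlers; widening STAGE_RULES with the MIME types your proxy actually records is the first tuning step.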
Related information
DDoS Botnet. New crimeware for a particul… purpose
T-IFRAMER. Kit for malware injection In-the…
ZoPAck. New alternative for the exploitation of v…
ZeuS Botnet and its zombie recruitment power
Eleonore Exploits Pack. New In-the-Wild crimeware
A close look at the structure of Unique Sploits Pack
Adrenaline botnet: command zone. Russian crimeware…
YES Exploit System. Another crimeware made in Russia
Barracuda Bot. An actively exploited botnet
ElFiesta. Zombie recruitment through multiple threats
Jorge Mieres
Pistus Malware Intelligence
View full post on EvilFingers
Posted on 04 May 2010. Tags: Exploit, Java, JustExploit., uses, Vulnerabilities