May 9, Help Net Security – (International) Java drive-by generator used in recent attack. A malware delivery campaign that uses two infection vectors, to improve the odds that a visitor is compromised, was recently spotted by F-Secure researchers. One of them discovered a Web site posing as a "Gmail Attachment Viewer" that tries to get the visitor to run the application it offers. The pop-up warning from Windows identifies the application as a "Microsoft" application, but states that its digital signature cannot be verified and that its publisher is "Unknown." If the user chooses to run the app, he/she is shown a Cisco Foundation invitation to a conference while a malicious binary is downloaded and silently installed in the background. The invitation itself contains an embedded link that attempts to download the same malware, providing the second infection vector. The researcher does not say how she arrived at the site in question, nor what type of malware is actually pushed onto the user, but points out that the infection is generated using Java Drive-by Generator. "The generator allows the attacker to use random names or specify their own preference for both the Java file and the dropped Windows binary," the researcher explains. The tool also reports back to the attackers how many infections the delivered malware has achieved.
Ali Loney is a Senior UX Designer at Walmart Labs. She is based in Canada and was the former Graphic Designer at Sonatype.