It’s worth pointing out that in that time the source code of the exploit became publicly available and only the laziest cybercriminals failed to use it in their attacks: our collection already has more than a hundred malware variants that exploit this vulnerability. Remarkably, the programmers at Microsoft had been aware of this loophole for a number of months, but it was only patched a month after it began being exploited.

The attack was carried out using emails with links to malicious sites; these sites contained exploits which resulted in the main executable file being stealthily downloaded to victim machines. The attack was designed to gain access to personal data and corporate intellectual property such as project source code. The attack, which received wide coverage in the IT media, targeted major organizations (including Google and Adobe) and was named Aurora after part of the file path name used in one of the main executable files. It was identified after a massive targeted attack on several versions of Internet Explorer in January. At number nine in the second rating, Aurora.a is the exploit targeting the CVE-2010-0249 vulnerability. We have already written in some detail about this malware, but it’s worth mentioning again that in addition to its main payload – remote management of infected machines – it can also download other malicious files.

And now back to Exploit.JS.Aurora.a, which was mentioned above. The main executable file is the now familiar, packed using various malicious packers (several of which are detected as and ). The methods used are mostly traditional – exploiting vulnerabilities in major software products such as Internet Explorer (CVE-2006-0003) and Adobe Reader (CVE-2007-5659, CVE-2009-0927), as well as downloading via a special Java applet. These links lead to pages containing another script which uses a number of different methods to download the main executable file.
To ensure users don’t suspect anything, the names of popular websites are used in the addresses of malicious pages, for example: A user who visits an infected site is redirected by the malicious script to a cybercriminal resource. This is a downloader program and in some ways it’s not unlike Gumblar, in that it also infects perfectly legitimate websites. Secondly, the Pegel epidemic that started in January grew almost six-fold – there are four representatives of this family among the new entries, one of which made it straight to third place. We’ll be keeping track of any further developments. However, this time the black hats haven’t changed their approach in any significant way; they’ve simply been gathering new data that can be used to access websites prior to infecting them en masse. Last month, we suggested there might be another Gumblar attack and it didn’t take long to materialize. The state of affairs regarding malware on the Internet in February was quite remarkable, which is reflected in our second rating.

First of all, there was a dramatic surge in Gumblar.x, which has once again regained top spot after virtually disappearing completely in January. This ranking includes malicious programs detected on web pages and malware downloaded to victim machines from web pages. The second Top Twenty presents data generated by the web antivirus component, and reflects the online threat landscape. Whether this is true or not is up to the individual to decide. It also says that all the data collected is used exclusively to “help shape the future of the Internet” and that the data is well secured. The company’s privacy policy and ULA state that the program tracks virtually all user activity, particularly Internet activity, automatically collecting personal information and saving it to the company’s servers. This RelevantKnowledge application spreads and is installed along with other software products.
The case of not-a-virus: .aw (in thirteenth place) is rather more complex. It also modifies the pages visited so that these pages display adverts. It’s a toolbar for popular browsers and provides users with easy access to resources on some websites (usually those with multimedia content).

Other newcomers in February included two adware programs.

FunWeb.q in 20th place is a perfect example of an adware program. Further details are given in the section “Malicious programs on the Internet”.

This exploit was widely used in February and consequently entered the ratings in seventh place. There was no change to the top 5 malicious programs this month and, judging by the number of infections, the Kido epidemic has eased off slightly.

Exploit.JS.Aurora.a, which, as its name suggests, is a program designed to take advantage of vulnerabilities in a variety of software products.