Posts tagged: Blackhole Toolkit

Jan 10 2013

New Java 0-Day Exploit Spotted in the Wild

A new Java 0-day vulnerability has been discovered, and is already being exploited in the wild. Currently, disabling the plugin is the only way to protect your computer.

The MBeanInstantiator in Oracle Java Runtime Environment (JRE) 1.7 in Java 7 Update 10 and earlier allows remote attackers to execute arbitrary code via vectors related to unspecified classes that allow access to the class loader, as exploited in the wild in January 2013, as demonstrated by Blackhole and Nuclear Pack, and a different vulnerability than CVE-2012-4681.

By convincing a user to visit a specially crafted HTML document, a remote attacker may be able to execute arbitrary code on a vulnerable system.

CVE Standard Vulnerability Entry: CVE-2013-0422

The vulnerability was later confirmed by security firm AlienVault Labs. With Kafeine’s help, the company reproduced the exploit on a new, fully-patched installation of Java, and used a malicious Java applet to remotely execute the Calculator application on Windows XP, as shown in the screenshot below:

Java 7 update 10 0-day exploit demo

Jan 24 2012

QR Codes Being Exploited by Hackers to Distribute Malware

Hackers are using QR codes to distribute malware to smartphone owners, says AVG.

According to the security firm’s AVG Community Powered Threat Report – Q4 2011, QR codes are becoming more popular with mobile users when it comes to accessing web pages or information without the need for typing in text or a URL, as the codes can simply be scanned by a handset and then automatically direct the user to the information. However, hackers are beginning to exploit this popularity as the user does not know what lurks behind the QR code until the malware is already installed and running on their device.

“In Q4 we clearly saw the convergence between computers and mobile phones applies to malware too. As phones become more like computers, so do the risks,” said Yuval Ben-Itzhak, Chief Technology Officer, AVG Technologies.

“Many sophisticated tricks of the trade from computers are now being repurposed for phones. However, as phones are often tied into billing systems the gains can be far greater.”

AVG also revealed that 2011 saw a surge in the number of Android malware samples detected as well as in the number of smartphones running Google’s operating system. Furthermore, stolen digital certificates, which are used to trick a user into believing the application is genuine, are also being used to target mobile device owners, along with rootkits, which AVG said are “evolving to be much more sophisticated”.

The security firm said the Blackhole toolkit is currently the most active threat on the web, accounting for half of all detected instances and over 80 percent of all toolkits found this quarter. The USA remains the largest source of spam, but is now followed by the UK, which jumped from fourth to second place, overtaking India and Brazil this quarter.