MalwareIntelligence is a site dedicated to research on all matters relating to anti-malware security, computer criminology and information security in general, always from a perspective closely related to the field of intelligence.

30.6.11

JAVA Drive-by [infection] On Demand

JAVA is one of the most widely integrated technologies in the field of cybercrime because of its status as a "hybrid". This makes the Java platform a heavily exploited vector for spreading all types of malicious code.

Modern crimeware even includes a battery of exploits for vulnerable versions of JAVA, delivered through Exploit Packs; in fact, together with those for PDF files, exploits for JAVA are the ones with the highest success rate.

Drive-by is one of the most widely used techniques for propagating and automating the infection process via the web, especially through websites that promise streaming video or rely on similar visual social engineering strategies. Combining this methodology with JAVA simply results in a Java Drive-by: technically the same thing, but using the JAVA language and resources. Have you ever seen any of these templates?...


...Probably many times!

Every day we see these websites, which are usually hosted on sites that offer free file storage but conceal the instructions needed to "streamline" the infection process, simply by using a Java applet. In chronological order, the images correspond to the options Photo Gallery, Camera Chat and Video Streaming respectively. All were created in an automated way through iJAVA.

iJAVA is an On Demand generator (Java Drive-by Generator) of Arab origin. Since its first version it has been very well received in the cybercrime scene because, in just a few clicks, it lets the user create a simple web page, link customized malware to it and automatically upload the page to, for example, one of these free storage services. It is a dose of visual social engineering that is trivial but unfortunately extremely effective.

iJAVA Version 1. In just three steps, malware propagators set up a customized threat, accompanying the action with a dose of social engineering.

iJAVA Version 2. It adds a series of "extras"; as in the previous version, the strategy is created in only three basic steps.
Some examples in the wild:

Unlike the first version, the second generation allows the template itself to be customized, so the design used to "capture" victims is limited only by the attacker's imagination, making possible infection strategies such as:


Saving time is also an important factor for cybercriminals. With applications of this style they get the automation needed to cut costs in terms of time and, of course, to profit in economic terms: in spite of the triviality of the maneuver, cybercriminals often use them in campaigns tied to PPI (Pay-per-Install) businesses to boost their economy through affiliate programs.
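For defenders triaging pages like the ones described above, the following added example (not from the original post and not iJAVA code) lists every Java applet embedded in an HTML page and flags parameters that hand the applet a remote URL. The heuristics, the extension list, the sample markup, the `src` parameter name and the example.invalid host are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

JAVA_TYPES = ("application/x-java-applet", "application/x-java-vm")
EXEC_EXT = (".exe", ".scr", ".com", ".bat")  # assumed list, extend as needed

class AppletFinder(HTMLParser):
    """Collect Java embeds (<applet>, Java-typed <object>/<embed>) and their <param>s."""
    def __init__(self):
        super().__init__()
        self.found, self._open = [], None
    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        java = tag == "applet" or (tag in ("object", "embed")
                                   and a.get("type", "").lower().startswith(JAVA_TYPES))
        if java:
            item = {"code": a.get("code") or a.get("archive", ""), "params": {}}
            self.found.append(item)
            self._open = None if tag == "embed" else item  # <embed> has no children
        elif tag == "param" and self._open is not None:
            self._open["params"][a.get("name", "")] = a.get("value", "")

    def handle_endtag(self, tag):
        if tag in ("applet", "object"):
            self._open = None

def triage(html):
    """Return [(applet code/archive, [reasons])] for every Java embed in the page."""
    finder = AppletFinder()
    finder.feed(html)
    report = []
    for item in finder.found:
        remote = [v for v in item["params"].values()
                  if urlparse(v).scheme in ("http", "https", "ftp")]
        reasons = []
        if remote:
            reasons.append("param passes a remote URL")
        if any(urlparse(v).path.lower().endswith(EXEC_EXT) for v in remote):
            reasons.append("remote URL names an executable")
        report.append((item["code"], reasons))
    return report

# Constructed samples (not taken from any real page)
LURE = ('<h1>Video Streaming</h1><applet code="Player.class" archive="player.jar">'
        '<param name="src" value="http://files.example.invalid/codec.exe"></applet>')
BENIGN = '<applet code="Clock.class"><param name="tz" value="UTC"></applet>'

if __name__ == "__main__":
    print(triage(LURE), triage(BENIGN))
```

An empty reason list means the page embeds an applet but passes it nothing remote; such pages may still deserve a look when they sit on free file-storage hosts.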

Related information:
Automation in creating exploits
Automation in creating exploits II
Automating anti-analysis processes through crimeware
Process Automation anti-analysis II
