Saturday, December 20, 2014
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
T-Mobile to Pay $90 Million To Settle Case With FCC
New Trojan Targetted Banks Wordlwide
FBI Confirms North Korea Was Behind Sony Hack
Apple Responds To BBC's Allegations Over Working Conditions In Chinese Factory
BlackBerry Returns To Cash Flow
Comparison: Quantum Dot Vs. OLED Displays
Toshiba and SK Hynix Reach Settlement in Lawsuit Ahead Of CES
Google Concerned About MPAA's Actions To Revive SOPA
Active Discussions
Digital Audio Extraction and Plextools
Will there be any trade in scheme for the coming PSP Go?
Hello, Glad to be Aboard!!!
Best optical drive for ripping CD's? My LG 4163B is mediocre.
Hi All!
cdrw trouble
CDR for car Sat Nav
DVD/DL for Optiarc 7191S at 8X
 Home > News > General Computing > Java Ex...
Last 7 Days News : SU MO TU WE TH FR SA All News

Tuesday, January 15, 2013
Java Exploit Behind "Red October" Cyber Attacks


Security researchers from Seculert discovered that the attackers of the large-scale cyberespionage operation dubbed "Red October" were taking advantage of Web-based Java exploits as well as malicious Excel and Word documents.

Kaspersky Lab's researchers published the results of their investigation into Red October on Monday. According to their report, the victims were targeted via rogue email messages that contained malicious documents designed to exploit known vulnerabilities in Microsoft Excel and Word.

However, after investigating the Command-and-Control (C2) servers used in the "Red October" campaign, Seculert researchers identified a special folder used by the attackers for an additional attack vector. In this vector, the attackers sent an email with an embedded link to a specially crafted PHP web page. This webpage exploited a vulnerability in Java (CVE-2011-3544), and in the background downloaded and executed the malware automatically, the researchers said.

The discovery was made possible because the attackers switched from using PHP as the server-side scripting language on their command and control servers to CGI. Some older PHP-based attack pages were still left on the servers and accessing them in a browser revealed their source code, the Seculert researchers added.

Further analysis is impossible at this time because the command and control servers have been shut down, most likely by the attackers in an attempt to cover their tracks, Seculert's researchers added.

The attack pages, the Java exploit itself and even the URL for the malware payload contained strings referencing "news," in an effort to trick the victims.


Previous
Next
Microsoft Advances the Cloud OS With New Management Solutions        All News        564 Million Chinese Have Internet Access
Microsoft Advances the Cloud OS With New Management Solutions     General Computing News      564 Million Chinese Have Internet Access

Get RSS feed Easy Print E-Mail this Message

Related News
Researchers Identify New iOS Vulnerability
Dropbox, WordPress Used To Spread Malware
Microsoft Says Viruses Are Back On The Rise
First Targeted Attack Utilising Malware for Android Devices Reported
Cyber Attack Targets Nato, Government Websites
Stuxnet Roots Found Back in 2005
FTC Warns Small Businesses Of Spam Email
Kaspersky Says 'Red October' Virus Has Been Targeting Diplomatic and Government Agencies
Kaspersky Discovers New version Of Flams Virus
Microsoft Warns Of New IE Security Breach
Microsoft Disrupts Nitol Botnet
Kaspersky Discovers New IT Virus Linked To Stuxnet

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2014 - All rights reserved -
Privacy policy - Contact Us .