Researchers at the security company Trend Micro report that non-governmental organizations (NGOs) are being targeted with backdoor attacks delivered through a compromised website. The site served a malicious Java applet, detected as JAVA_DLOAD.ZZC, that exploits a vulnerability in Java.
The flaw JAVA_DLOAD.ZZC exploits is CVE-2011-3544, a sandbox escape in Java's Rhino script engine that Oracle patched in October 2011 (Java 6 Update 29 and Java 7 Update 1), so the attack only succeeds on machines still running an older Java runtime. Successful exploitation installs TROJ_PPOINTER.SM, which in turn drops BKDR_PPOINTER.SM. The backdoor connects to a specific URL to receive commands from its controller and also collects information about the infected machine.
The investigation also indicates that the first NGO hit is likely only one of several targets of this campaign, and that the campaign is tailored to each target. The attackers used a tag associated with the targeted human-rights NGO to name both the folder and the files they created on the compromised Brazilian website: "hxxp://{BLOCKED}.com.br/cgi-bin/ai/ai.jar" and "hxxp://{BLOCKED}.com.br/cgi-bin/ai/ai.html".
Nart Villeneuve, a researcher at Trend Micro, examined the site further and found additional folders and files hosted on the same compromised server under different tags, strongly indicating that there were other targets.
The files retrieved from addresses such as "hxxp://{BLOCKED}.com.br/cgi-bin/so/so.html", "hxxp://{BLOCKED}.com.br/cgi-bin/hk/hk.jar" and "hxxp://{BLOCKED}.com.br/cgi-bin/hk/hk.html" carried the same malware, detected as JAVA_DLOAD.ZZC and BKDR_PPOINTER.SM; only the tag used in the folder and file names differed.
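The hosting pattern described above, a loader page and a JAR of the same name under a short, target-specific directory on an otherwise legitimate site, is something a web proxy log can surface. The script below is an added example, not code from Trend Micro or from the report: it flags a .jar fetched by a client shortly after an .html page from the same host and directory, marks the pair when it sits under /cgi-bin/, and groups JARs on one host by byte size to spot the same payload renamed per target. The log format, hostnames, client addresses and sizes are constructed for illustration.

```python
"""Spot applet-loader (.html) + .jar pairs in a web proxy log.

Added example: the log format, hosts, client addresses and sizes below are
constructed for illustration and are not taken from the Trend Micro report.
"""
import posixpath
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit

# Constructed Squid-style proxy log: timestamp client method url status bytes mime
SAMPLE_LOG = """\
2011-12-13T10:00:01 10.0.0.5 GET http://compromised-site.example/cgi-bin/ai/ai.html 200 1423 text/html
2011-12-13T10:00:02 10.0.0.5 GET http://compromised-site.example/cgi-bin/ai/ai.jar 200 23871 application/java-archive
2011-12-13T10:00:15 10.0.0.7 GET http://cdn.example/static/app.js 200 8812 application/javascript
2011-12-13T10:05:40 10.0.0.9 GET http://compromised-site.example/cgi-bin/hk/hk.html 200 1398 text/html
2011-12-13T10:05:41 10.0.0.9 GET http://compromised-site.example/cgi-bin/hk/hk.jar 200 23871 application/java-archive
2011-12-13T10:20:00 10.0.0.7 GET http://apps.example/java/demo.html 200 2210 text/html
2011-12-13T10:20:03 10.0.0.7 GET http://apps.example/java/demo.jar 200 90417 application/java-archive
2011-12-13T11:30:00 10.0.0.12 GET http://updates.example/lib/vendor.jar 200 510233 application/java-archive
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3}) (\d+) (\S+)$")


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, client, method, url, status, size, mime = m.groups()
    parts = urlsplit(url)
    return {
        "ts": datetime.fromisoformat(ts),
        "client": client,
        "method": method,
        "host": parts.netloc,
        "dir": posixpath.dirname(parts.path),
        "path": parts.path,
        "name": posixpath.basename(parts.path).lower(),
        "status": int(status),
        "bytes": int(size),
        "mime": mime,
    }


def parse_log(text):
    return [rec for rec in (parse_line(ln) for ln in text.splitlines()) if rec]


def find_applet_pairs(records, window_s=30):
    """Return each successful .jar fetch that follows, within window_s seconds,
    an .html fetch by the same client from the same host and directory.

    That sequence is what an applet loader page produces. A pair under
    /cgi-bin/ is marked, since a static JAR rarely belongs there.
    """
    last_html = {}  # (client, host, dir) -> record of the most recent .html fetch
    findings = []
    for rec in sorted(records, key=lambda r: r["ts"]):
        if rec["method"] != "GET" or rec["status"] != 200:
            continue
        key = (rec["client"], rec["host"], rec["dir"])
        if rec["name"].endswith((".html", ".htm")):
            last_html[key] = rec
        elif rec["name"].endswith(".jar") or rec["mime"] == "application/java-archive":
            loader = last_html.get(key)
            if loader is None:
                continue
            delta = (rec["ts"] - loader["ts"]).total_seconds()
            if delta <= window_s:
                findings.append({
                    "client": rec["client"],
                    "host": rec["host"],
                    "loader": loader["path"],
                    "jar": rec["path"],
                    "delta_s": delta,
                    "cgi_bin": rec["dir"].startswith("/cgi-bin"),
                })
    return findings


def cluster_jars_by_size(records):
    """Group .jar paths on one host by byte size: identical sizes under
    different directory names suggest the same payload renamed per target."""
    groups = defaultdict(set)
    for rec in records:
        if rec["name"].endswith(".jar") and rec["status"] == 200:
            groups[(rec["host"], rec["bytes"])].add(rec["path"])
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for f in find_applet_pairs(recs):
        print(f"{f['client']} {f['host']} {f['loader']} -> {f['jar']} "
              f"({f['delta_s']:.0f}s, cgi-bin={f['cgi_bin']})")
    for (host, size), paths in cluster_jars_by_size(recs).items():
        print(f"{host}: {size} bytes shared by {', '.join(paths)}")
```

On the constructed log this reports three loader/JAR pairs (two under /cgi-bin/ on the compromised host, one benign-looking pair on apps.example) and one size cluster, the two 23871-byte JARs under the ai and hk directories. The size match is only a pivot for triage: confirm by hashing the retrieved JARs before treating them as the same payload.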
Trend Micro's researchers said the attack appears to be part of a broader campaign targeting human-rights activists.