


Java-based Web Attack Installs Hard-to-detect Malware in RAM - haasaftess

A hard-to-detect piece of malware that doesn't create any files on the affected systems was dropped onto the computers of visitors to popular news sites in Russia in a drive-by download attack, according to security researchers from antivirus vendor Kaspersky Lab.

Drive-by download attacks are one of the primary methods of distributing malware over the Web. They usually exploit vulnerabilities in outdated software products to infect computers without requiring any user interaction.

Kaspersky Lab researchers recently investigated such an attack on visitors to www.ria.ru, a website that belongs to the Russian RIA Novosti news agency, and www.gazeta.ru, a popular Russian-language online newspaper.

The attack code loaded an exploit for a known Java vulnerability (CVE-2011-3544, a flaw in Java's Rhino scripting engine that Oracle had already patched in October 2011), but it wasn't hosted on the affected websites themselves. Instead, it was served to their visitors through banners displayed by a third-party advertising service called AdFox.

What's interesting about this particular attack is the type of malware that was installed in cases of successful exploitation: one that lives only in the computer's memory.

"The operation of such an exploit involves saving a malicious file, usually a dropper or downloader, on the hard drive," said Kaspersky Lab expert Sergey Golovanov, in a blog post on Friday. "However, in this case we were in for a surprise: No new files appeared on the hard drive."

The Java exploit's payload consisted of a rogue DLL (dynamic-link library) that was loaded and attached on the fly to the legitimate Java process. This type of malware is rare, because it dies when the system is rebooted and the memory is cleared.

However, this wasn't a problem for the cybercriminals behind this particular attack, because of the very high chance that most victims would revisit the infected news websites, Golovanov said.

The malicious DLL loaded into memory acted as a bot, sending data to and receiving instructions from a command and control server over HTTP. In some cases, the instructions given out by the attackers were to install an online banking Trojan on the compromised computers.

"This attack targeted Russian users. However, we cannot rule out that the same exploit and the same fileless bot will be used against people in other parts of the world: They can be distributed via similar banner or teaser networks in other countries," Golovanov said.

The best protection against this type of attack is to keep the software installed on computers up to date, especially browsers and their plug-ins. In case exploits that target previously unknown vulnerabilities are used, it's best to have an antivirus product running that is capable of scanning Web traffic and detecting attack code generically.

It's ideal to stop the infection in its early stages, because once this type of "fileless" malware gets loaded into memory and attaches itself to a trusted process, it's much harder for antivirus programs to detect, Golovanov said.
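The detection point Golovanov raises, as an added example that is not part of this article or of Kaspersky Lab's work: the one thing code of this kind cannot hide is that executable memory exists inside the process with no corresponding file on disk. The check below parses the Linux /proc/<pid>/maps text format and flags executable mappings that are anonymous, whose backing file has been deleted, or whose recorded path is no longer on disk. The article's case is a DLL inside a Windows Java process; the Linux format is used here only because it is plain text and can be checked offline, and the maps text and the set of "on-disk" files are constructed for the example.

```python
"""Flag executable memory with no backing file on disk.

Added example for this article; it is not code from Kaspersky Lab or
from the PCWorld write-up. Parses the Linux /proc/<pid>/maps text
format (assumption: the article's case was a Windows Java process;
the Linux format is used here only because it is plain text). The
sample maps text and the set of "on-disk" files below are constructed.
"""
import re
from dataclasses import dataclass
from pathlib import Path
from typing import Callable, List, Optional, Tuple

# One /proc/<pid>/maps line: start-end perms offset dev inode [path]
MAPS_LINE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>[rwxsp-]{4})\s+"
    r"[0-9a-f]+\s+[0-9a-f]+:[0-9a-f]+\s+(?P<inode>\d+)\s*(?P<path>.*)$"
)


@dataclass
class Mapping:
    start: int
    end: int
    perms: str
    inode: int
    path: str

    @property
    def executable(self) -> bool:
        return "x" in self.perms

    @property
    def writable(self) -> bool:
        return "w" in self.perms


def parse_maps(maps_text: str) -> List[Mapping]:
    """Parse maps text into Mapping records; raise on malformed lines."""
    mappings = []
    for line in maps_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = MAPS_LINE.match(line)
        if m is None:
            raise ValueError(f"unparseable maps line: {line!r}")
        mappings.append(Mapping(int(m["start"], 16), int(m["end"], 16),
                                m["perms"], int(m["inode"]), m["path"].strip()))
    return mappings


def suspicious_exec_mappings(
    maps_text: str, file_exists: Optional[Callable[[str], bool]] = None
) -> List[Tuple[Mapping, str]]:
    """Return executable mappings that no file on disk accounts for.

    Kernel pseudo-mappings ([vdso], [vsyscall]) are skipped. Three
    signals are reported: the backing file was deleted after mapping,
    the mapping is anonymous (JIT code cache or injected code), or the
    recorded path no longer exists on disk.
    """
    if file_exists is None:
        file_exists = lambda p: Path(p).exists()
    findings = []
    for mp in parse_maps(maps_text):
        if not mp.executable or mp.path.startswith("["):
            continue
        if mp.path.endswith(" (deleted)"):
            findings.append((mp, "backing file deleted"))
        elif mp.inode == 0 and mp.path == "":
            reason = "anonymous executable memory"
            if mp.writable:
                reason += " (also writable)"
            findings.append((mp, reason))
        elif not file_exists(mp.path):
            findings.append((mp, "backing file missing on disk"))
    return findings


# Constructed sample: a Java process with a deleted-file module, a
# missing-file module and an anonymous rwx region, plus normal mappings.
SAMPLE_MAPS = """\
00400000-00401000 r-xp 00000000 08:01 131339    /usr/bin/java
00600000-00601000 rw-p 00000000 08:01 131339    /usr/bin/java
7f3a1c000000-7f3a1c021000 rw-p 00000000 00:00 0
7f3a2a000000-7f3a2a100000 rwxp 00000000 00:00 0
7f3a2b000000-7f3a2b010000 r-xp 00000000 08:01 270451    /tmp/libinject.so (deleted)
7f3a2c000000-7f3a2c005000 r-xp 00000000 08:01 999999    /tmp/gone.so
7ffd5e2e1000-7ffd5e302000 rw-p 00000000 00:00 0         [stack]
7ffd5e3a0000-7ffd5e3a2000 r-xp 00000000 00:00 0         [vdso]
ffffffffff600000-ffffffffff601000 --xp 00000000 00:00 0 [vsyscall]
"""
SAMPLE_DISK = {"/usr/bin/java"}  # constructed set of files present on disk


def scan_sample() -> List[Tuple[Mapping, str]]:
    """Run the check over the constructed sample with a fake disk."""
    return suspicious_exec_mappings(SAMPLE_MAPS, lambda p: p in SAMPLE_DISK)


if __name__ == "__main__":
    for mp, why in scan_sample():
        print(f"{mp.start:#x}-{mp.end:#x} {mp.perms} {mp.path or '<anon>'}: {why}")
    try:  # live check of this interpreter on Linux; does nothing elsewhere
        for mp, why in suspicious_exec_mappings(Path("/proc/self/maps").read_text()):
            print(f"live {mp.start:#x} {mp.path or '<anon>'}: {why}")
    except OSError:
        pass
```

Two caveats a practitioner would apply. First, a JVM legitimately JIT-compiles bytecode into anonymous, writable and executable memory, so on a Java process the "anonymous executable memory" finding is expected noise that needs a baseline; a mapping whose backing file was deleted or is missing from disk is the stronger signal. Second, the Windows equivalent is walking the Java process's loaded-module list and virtual address space for executable regions that no on-disk image accounts for; that is not implemented here.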

Source: https://www.pcworld.com/article/469180/javabased_web_attack_installs_hardtodetect_malware_in_ram.html

Posted by: haasaftess.blogspot.com
