In part 1 of this series, we talked about Dorkbot and its spreading mechanisms that required user interaction. In this post, we’ll talk about how Dorkbot spreads automatically, via drive-by downloads and Autorun files. Spreading vectors not requiring user interaction: Drive-by downloads and Autorun files Dorkbot can also spread automatically, without user interaction. We recently […]
Thanks to the Websense® ThreatSeeker™ Network, we have detected that an Iranian website has been compromised to serve a Remote Administration Tool (RAT) called VertexNet. This website does not have a high Alexa rank, but is one of a few cases which has caught our attention. The targeted website (reachable at the URL: hxxp://www.sarifire.ir) seems to be a portal documenting the activities of firefighters in the […]
Yesterday, FireEye documented a Java zero-day vulnerability (CVE-2012-4681) in the wild that is thought to have been used initially in targeted attacks. Symantec is aware that attackers have been using this zero-day vulnerability for at least five days, since August 22. We have located two compromised websites serving up the malware: ok.XXXX.net/meeting/applet.jar 62.152.104.XXX/public/meeting/applet.jar One sample […]
Latest Comments