The Latest in IT Security

Emails with malicious URLs use the tragedy in Boston to exploit vulnerable Java installations

17
Apr
2013

Yesterday the USA has suffered a bomb attack during a marathon that took place in Boston. This attack was characterized by the US President as a “terrorist attack” since it involved civilians.

Not even 24h later, we have started to see massive spam amounts which contain subjects like “Explosion at Boston Marathon”, “Boston Explosion caught on Video”. This social engineering technique is not new. We see this every time there is something happening in the world (war, natural catastrophes, social events) that is potentially interesting for a lot of people. It is called social engineering, it is an old technique, but every time it finds new victims.

2

1

Also on Facebook there were posts with links to various websites which are still being categorized. It is to be assumed that a big part of them point to such websites containing malware.

The emails contain only one single line which is an URL consisting of an IP address and an HTML page called “news.html” or “boston.html”.

Once visited, the page redirects to three other URLs which try to drop a JAR file on your system, if they detect that the computer has a vulnerable Java installation installed.

We wrote many times that Java is dangerous because of the so many exploits and most probably you don’t need it on your system. Learn here is how to disable or uninstall it.

The file will be downloaded from a randomly generated URL which is for each visitor different:

urls

The malicious file is saved in the TEMP directory of the logged on account and named “alifna.exe”. Further on it seems that the file is also random generated because each visitor gets a slightly different version of this. Fortunately, the files are not so much changed (not polymorphic) because our products already detect them generic as “TR/Crypt.ZPACK.Gen”.

So, nothing to worry, all Avira users are already safe.

Sorin Mustaca

IT Security Expert

Leave a reply


Categories

MONDAY, OCTOBER 21, 2019
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments

Social Networks