The Latest in IT Security

Java Drive-by Generator

08 May 2012

Ran across a quite interesting infection today. I visited a site that prompted me with a security warning about a “Microsoft” application from an unknown publisher. The site is actually pretending to be a Gmail Attachment Viewer. Microsoft+Gmail? Fail.

google_attachment (26k image)

After allowing the application to run, it redirects to a Cisco Foundation invitation while downloading a malware binary in the background.

cisco_invite (20k image)

The message also contains a malicious link that downloads the same malware, perhaps to make sure that you really get infected.

Anyway, this infection is generated using iJava Drive-by Generator, which apparently has been around for a while now.

The generator allows the attacker to use random names or specify their own preference for both the Java file and the dropped Windows binary.

ijava_main (100k image)
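The drive-by page itself is not reproduced in this post, so as an added example (not the generator's code and not from the original post), here is a small Python triage script that flags HTML pages embedding a Java applet in the shape described above: a JAR reference combined with either a pointer to a Windows binary or a near-invisible applet frame. Because the generator lets the attacker randomize the names of both the Java file and the dropped binary, the check keys on structure rather than on filenames. The two sample pages, the param name "url" and the host example.invalid are constructed for illustration and are assumptions, not observed values.

```python
import re
from html.parser import HTMLParser

# Constructed sample page (not from the original post): a fake "Gmail
# Attachment Viewer" that embeds a 1x1 applet. The param name "url" and the
# host example.invalid are assumptions for illustration.
SAMPLE_PAGE = """
<html><body>
<h1>Gmail Attachment Viewer</h1>
<p>Loading attachment, please allow the viewer to run.</p>
<applet code="Viewer.class" archive="viewer.jar" width="1" height="1">
  <param name="url" value="http://example.invalid/files/update.exe">
</applet>
</body></html>
"""

# Constructed benign page: a visible applet with no reference to a Windows binary.
BENIGN_PAGE = """
<html><body>
<object type="application/x-java-applet" width="400" height="300">
  <param name="archive" value="chart.jar">
  <param name="code" value="Chart.class">
</object>
</body></html>
"""

CONTAINERS = ("applet", "object", "embed")
JAR_RE = re.compile(r"\.jar(?:[?#]|$)", re.I)
BINARY_RE = re.compile(r"\.(?:exe|scr|dll)(?:[?#]|$)", re.I)


class AppletFinder(HTMLParser):
    """Collect <applet>/<object>/<embed> elements with their attributes and <param> children."""

    def __init__(self):
        super().__init__()
        self.elements = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        attrs = {k.lower(): (v or "") for k, v in attrs}
        if tag in CONTAINERS:
            self._current = {"tag": tag, "attrs": attrs, "params": {}}
        elif tag == "param" and self._current is not None:
            self._current["params"][attrs.get("name", "").lower()] = attrs.get("value", "")

    def handle_endtag(self, tag):
        if tag in CONTAINERS and self._current is not None:
            self.elements.append(self._current)
            self._current = None

    def close(self):
        super().close()
        if self._current is not None:  # element left unterminated at end of input
            self.elements.append(self._current)
            self._current = None


def _values(element):
    """Every attribute and param value, with comma-separated archive lists split up."""
    out = []
    for v in list(element["attrs"].values()) + list(element["params"].values()):
        out.extend(part.strip() for part in v.split(",") if part.strip())
    return out


def assess_page(html):
    """Return one finding per Java container element, marking drive-by-like ones suspicious."""
    parser = AppletFinder()
    parser.feed(html)
    parser.close()
    findings = []
    for el in parser.elements:
        vals = _values(el)
        jar_refs = [v for v in vals if JAR_RE.search(v)]
        binary_refs = [v for v in vals if BINARY_RE.search(v)]
        dims = (el["attrs"].get("width", ""), el["attrs"].get("height", ""))
        hidden = any(d.strip() in ("0", "1") for d in dims)
        findings.append({
            "tag": el["tag"],
            "jar_refs": jar_refs,
            "binary_refs": binary_refs,
            "hidden": hidden,
            # A JAR alone is normal; a JAR plus a Windows binary or a hidden frame is not.
            "suspicious": bool(jar_refs) and (bool(binary_refs) or hidden),
        })
    return findings


if __name__ == "__main__":
    for name, page in (("sample", SAMPLE_PAGE), ("benign", BENIGN_PAGE)):
        for finding in assess_page(page):
            print(name, finding)
```

Run against a saved copy of a suspect page; a hit is a reason to pull the JAR and the referenced binary for analysis, not a verdict on its own, since legitimate applets can also be small or fetch files.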

iJava also keeps track of infections. Below is the data from the infection mentioned above:

ijava_2ndp (66k image)

This shows that for this particular malware the campaign only started yesterday. So far there have been only 83 visits to the Java drive-by link.

And thankfully, he’s not very successful (knock on wood):

ijava_stats (28k image)


