The Latest in IT Security

Win32/Cridex: Java pushes Cyprus into a Blackhole

20 Mar 2013

Sadly, Cyprus has been the source of bad news lately. Even sadder, nothing travels faster than bad news, and bad people are all too ready to use bad news to trick their victims into opening bad files. My colleague Aleksandr Matrosov has alerted us to a spammed out message crammed with malicious links. Here’s a screenshot:


Despite the apparently innocuous nature of the links, they actually all go to a site booby-trapped with the Blackhole exploit kit (hxxp://go-my.ru/cyprus_news.html). The page is detected by ESET as a phishing site and users are protected.
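The lure works because the links look harmless while every one of them resolves to the same booby-trapped page. The following script is an added example, not code from the original post or from ESET: it parses an HTML mail body and flags two traits of that pattern, anchor text that reads like one URL while the href points elsewhere, and several differently worded links that all share one destination. The mail body and the host names in it are constructed for the example and are not the campaign's.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample of a lure e-mail body; the hosts are placeholders, not the real campaign's.
SAMPLE_EMAIL_HTML = """
<html><body>
<p>Breaking: Cyprus bailout vote</p>
<a href="http://news-mirror.example/cyprus_news.html">www.bbc.co.uk/news/cyprus</a><br>
<a href="http://news-mirror.example/cyprus_news.html">Reuters: Cyprus banks stay closed</a><br>
<a href="http://news-mirror.example/cyprus_news.html">Read the full story</a><br>
<a href="https://www.bbc.co.uk/news">BBC News</a>
</body></html>
"""


class AnchorCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element in the document."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        # Only text inside an open <a> is part of the link's visible label.
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def extract_anchors(html):
    parser = AnchorCollector()
    parser.feed(html)
    parser.close()
    return parser.anchors


def host_of(url):
    """Hostname of a URL; bare domains such as 'www.bbc.co.uk/news' get a scheme prepended."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def looks_like_url(text):
    return text.lower().startswith(("http://", "https://", "www."))


def analyse_links(html, min_shared=3):
    """Return a list of (finding_kind, href, detail) tuples for suspicious link usage."""
    findings = []
    anchors = extract_anchors(html)

    # Trait 1: the visible label is itself a URL, but its host is not where the href goes.
    for href, text in anchors:
        if looks_like_url(text) and host_of(text) != host_of(href):
            findings.append(("display_mismatch", href, text))

    # Trait 2: many differently worded links that all lead to one destination.
    by_target = {}
    for href, text in anchors:
        by_target.setdefault(href, set()).add(text)
    for href, texts in by_target.items():
        if len(texts) >= min_shared:
            findings.append(("shared_destination", href, sorted(texts)))

    return findings


if __name__ == "__main__":
    for kind, href, detail in analyse_links(SAMPLE_EMAIL_HTML):
        print(f"{kind}: {href} <- {detail}")
```

On the constructed sample this reports one `display_mismatch` (the label claims a BBC address while the href goes to the placeholder host) and one `shared_destination` (three distinct labels on one URL); the genuine BBC link at the end produces nothing. A mail gateway rule built on either trait would have caught this lure without knowing the destination in advance, which is the point of pairing it with signature-based detection of the landing page.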


The malware uses the latest Java exploit, CVE-2013-1493; we detect the samples as Win32/Cridex.AA and Java/Exploit.Agent.NMK.


Following infection of the victim machine, the victim is redirected to the main BBC news page:


As you see, the story there isn’t quite as dramatic as the spam message implies, but of course the idea is to grab your attention and get you to click on a malicious link.


The malware’s payload is to drop Win32/Cridex (see Virus Radar for a map of Win32/Cridex). We are now on notice that unsolicited emails about the problems in Cyprus are to be treated with extreme caution.

Aleksandr Matrosov, Security Intelligence Team Lead
David Harley, Senior Research Fellow
