Java-Based Drive-By Download Attack Targets Japanese Corporate Clients
Trend Micro, the anti-virus firm, cautions that a new drive-by download attack using Java exploit code has hijacked PCs belonging to around 100 company networks in Japan.
Investigators from the company's Japan unit, which began receiving a large number of calls from clients about the attack's symptoms on October 14, 2010, probed the threat.
They explain how the attack develops. Web surfers visit a legitimate website that the attackers have compromised using malware. This malware redirects the surfers to malicious websites hosting JAVA_AGENT.O and JAVA_AGENT.P, which abuse Java flaws to download and execute files.
If the exploitation succeeds, numerous malicious items are installed and run on the targeted PC.
These malicious items include TROJ_DLOAD.SMAB, which, once downloaded, downloads TROJ_DLOAD.SMAD, which in turn downloads TROJ_DROPPER.OMJ onto the PC under attack, investigators at Trend Micro elaborate.
Curiously, TROJ_DROPPER.OMJ plants TROJ_EXEDOT.SMA, which checks whether the system under attack is running particular processes and reports the result to particular URLs. In addition, the Trojan tries to download and run additional malware. Furthermore, as a disguise, TROJ_DLOAD.SMAD impersonates a file called 'mstmp' and TROJ_EXEDOT.SMA pretends to be 'lib.dll'.
If the mstmp and lib.dll file names are searched for together on Google, the results returned are primarily Japanese Internet sites, indicating that this attack may be a targeted assault.
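The same co-occurrence reasoning can be applied to an endpoint file inventory. The following is an added example, not code from Trend Micro or the original article: the tab-separated "host, path" inventory format, the host names, the paths and the severity grading are all assumptions made for illustration.

```python
import ntpath
from collections import defaultdict

# Disguise file names reported in the article, mapped to the detection names.
DISGUISE_NAMES = {"mstmp": "TROJ_DLOAD.SMAD", "lib.dll": "TROJ_EXEDOT.SMA"}

# Constructed sample inventory ("host<TAB>path"); hosts and paths are invented.
SAMPLE_INVENTORY = """\
pc-011\tC:\\Users\\sato\\AppData\\Local\\Temp\\mstmp
pc-011\tC:\\Users\\sato\\AppData\\Local\\Temp\\LIB.DLL
pc-024\tC:\\Program Files\\VendorApp\\lib.dll
pc-037\tC:\\Windows\\Temp\\mstmp
pc-052\tC:\\Tools\\mstmp.txt
"""

def parse_inventory(text):
    """Yield (host, path) pairs, skipping blank or malformed lines."""
    for line in text.splitlines():
        host, sep, path = line.partition("\t")
        if sep and host.strip() and path.strip():
            yield host.strip(), path.strip()

def triage(text):
    """Map host -> (severity, {file name: [paths]}) for hosts with a match."""
    hits = defaultdict(lambda: defaultdict(list))
    for host, path in parse_inventory(text):
        # Exact base-name match; Windows file names are case-insensitive.
        name = ntpath.basename(path).lower()
        if name in DISGUISE_NAMES:
            hits[host][name].append(path)
    report = {}
    for host, found in hits.items():
        # Severity grading is an assumption of this example, not the article's.
        if len(found) == len(DISGUISE_NAMES):
            severity = "high"    # both names on one host, as the article pairs them
        elif "mstmp" in found:
            severity = "medium"  # one of the two names only
        else:
            severity = "low"     # lib.dll alone; assumed more likely to be benign
        report[host] = (severity, dict(found))
    return report

if __name__ == "__main__":
    for host, (severity, found) in sorted(triage(SAMPLE_INVENTORY).items()):
        print(host, severity, sorted(found))
```

A file-name match is only a lead for further inspection; the article gives no paths or hashes to confirm against.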
According to the investigators, the malicious item planted can differ depending on which Java code is employed. Moreover, in certain instances, the malware is a familiar piece of scareware named Security Tool.
However, users can safeguard themselves against the latest attack by always keeping their security software and applications up to date. That minimizes their exposure to security flaws and ensures that they always have the latest defenses at hand.
Finally, the investigators stated that such Java-based assaults had risen in 2010. The Microsoft Malware Protection Center reports that during Q3 2010 there were over 6 million Java-based assaults, a steep rise from 2009 and the earlier months of 2010, when hundreds of thousands rather than millions of such attacks were launched every quarter.
» SPAMfighter News - 11-11-2010