Facebook Application Leads to Malicious Java Applet: McAfee
McAfee Labs discovered that application links on Facebook, the popular social-networking website, led to a malicious Java applet that posed as coming from Sun Microsystems. McAfee TrustedSource reported this on November 11, 2010.
Elaborating on the attack, McAfee stated that the malware ran even when users had not added the Facebook applications to their profiles. When a user accessed one particular Facebook application page written in an Eastern European language, the page led to a malicious website hosting a Java applet posing as "Sun_Microsystems_Java_Security_Update_6" from Sun Microsystems. Although the file showed a signature for itself, it was not digitally signed, which should serve as a red flag for the user.
Meanwhile, the attack is extremely deceptive, making it hard for website visitors to realize that they are loading malicious software. As with most applications, they would believe it is a necessary component. Moreover, the entire process takes place on a trusted social website such as Facebook, which makes for effective social engineering.
The security researchers stated that although Facebook and other Web 2.0 technologies had attracted an unprecedented number of members, universal adoption of this relatively new technology was being hampered by security concerns.
This social-engineering tactic also appears to be increasingly common on malicious websites, since the security alert allows the publisher to be spoofed when it is not verified. Moreover, the alert does not outline the risk implications, as the applet is not barred from execution.
By clicking Run, the user lets the malicious Java applet download an arbitrary .exe file from a URL supplied as one of the web page's parameters. The applet then saves the file and runs it as 'NortonAV.exe' from the user's profile folder. On Windows, this file can reside in "C:\Users\[username]" on Windows 7/Vista or "C:\Documents and Settings\[username]" on Windows 2000/XP.
The downloaded Trojan reportedly steals passwords from the user's computer and transmits a log of them to a Gmail account.
In conclusion, people need to be aware that executing a Java applet is no different from executing an .exe file, except that users are not first prompted to save the file. They may choose whether or not to execute the applet.
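The drop location described above lends itself to a simple detection rule. The following is an added example, not code from McAfee or the original article: it triages process-creation records for executables launched directly from a user's profile root. The `image`/`parent` field names, the Java host process names and the sample events are assumptions constructed for illustration.

```python
import re
from typing import NamedTuple

# Profile-root layouts named in the article (Windows 7/Vista and 2000/XP).
# Matches an .exe sitting directly in the profile root, not in a subfolder.
PROFILE_ROOT_EXE = re.compile(
    r"^[A-Za-z]:\\(?:Users|Documents and Settings)\\[^\\]+\\[^\\]+\.exe$",
    re.IGNORECASE,
)
# Assumption: process names under which a Java applet host commonly runs.
JAVA_PARENTS = {"java.exe", "javaw.exe", "jp2launcher.exe"}

class Finding(NamedTuple):
    image: str
    parent: str
    severity: str

def basename(path: str) -> str:
    """Lower-cased final component of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()

def triage(events):
    """Flag executables started from a profile root; Java parents rank higher."""
    findings = []
    for ev in events:
        image = ev["image"].strip().strip('"')
        if not PROFILE_ROOT_EXE.match(image):
            continue  # normal install paths and profile subfolders are ignored
        parent = basename(ev.get("parent", ""))
        severity = "high" if parent in JAVA_PARENTS else "medium"
        findings.append(Finding(image, parent, severity))
    return findings

# Constructed sample events (hypothetical schema, not real telemetry).
SAMPLE_EVENTS = [
    {"image": r"C:\Users\alice\NortonAV.exe",
     "parent": r"C:\Program Files\Java\jre6\bin\java.exe"},
    {"image": r"C:\Documents and Settings\bob\NortonAV.exe",
     "parent": r"C:\Program Files\Java\jre6\bin\javaw.exe"},
    {"image": r"C:\Users\alice\AppData\Local\Temp\setup.exe",
     "parent": r"C:\Windows\explorer.exe"},
    {"image": r"C:\Program Files\Vendor\scanner.exe",
     "parent": r"C:\Windows\System32\services.exe"},
    {"image": r"C:\Users\carol\tool.exe", "parent": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"[{f.severity}] {f.image} (parent: {f.parent})")
```

The rule keys on the location and the parent process rather than the 'NortonAV.exe' name, since the file name is trivially changed.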
» SPAMfighter News - 20-11-2010