
Hackers Targeting Non-government Organizations Using Backdoor Assaults

Researchers at computer security company Trend Micro report that non-government organizations (NGOs) are being attacked with backdoors delivered through a hijacked website, which serves a malicious Java applet detected as JAVA_DLOAD.ZZC that abuses a security flaw in Java.

The flaw that JAVA_DLOAD.ZZC exploits is CVE-2011-3544, and its exploitation results in the installation of TROJ_PPOINTER.SM, which in turn plants BKDR_PPOINTER.SM. BKDR_PPOINTER.SM connects to one particular URL to exchange instructions with its controller. While on the infected PC, it also collects information about that machine.

Furthermore, the investigation reveals that the first NGO struck is probably one of several targets in this assault, and that the assault is devised specifically to hit those targets. During the probe, investigators discovered that the cyber-criminals used the attack strain associated with the human rights NGO to label both the newly created file and its folder on the hijacked Brazilian site: "hxxp://{BLOCKED}.com.br/cgi-bin/ai/ai.jar" and "hxxp://{BLOCKED}.com.br/cgi-bin/ai/ai.html."

Nart Villeneuve, a researcher at Trend Micro, tested this and discovered more files and folders hosted on the same hijacked site, although with separate strains, which strongly indicates that other targets existed too.

What's more, the files retrieved from web addresses such as "hxxp://{BLOCKED}.com.br/cgi-bin/so/so.html," "hxxp://{BLOCKED}.com.br/cgi-bin/hk/hk.jar" and "hxxp://{BLOCKED}.com.br/cgi-bin/hk/hk.html" also contained the identical strain, with the files currently detected as BKDR_PPOINTER.SM and JAVA_DLOAD.ZZC.
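For defenders reviewing web proxy logs, the defanged URLs above share one shape: a short folder under /cgi-bin/ holding an .html page and a .jar with the same name as the folder. The following is an added example, not code from Trend Micro or this article; the three-field log format, the host names and the client addresses are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample proxy log lines: client, method, URL. Hosts are placeholders.
SAMPLE_LOG = """\
10.0.0.5 GET http://compromised.example/cgi-bin/ai/ai.html
10.0.0.5 GET http://compromised.example/cgi-bin/ai/ai.jar
10.0.0.7 GET http://compromised.example/cgi-bin/hk/hk.html
10.0.0.8 GET http://intranet.example/cgi-bin/report/view.html
10.0.0.9 GET http://cdn.example/static/app/app.jar
"""

# /cgi-bin/<tag>/<tag>.html or .jar, where folder and file share one short name
# (the shape of the article's URLs: ai/ai.jar, so/so.html, hk/hk.html).
# The 1-8 character limit on <tag> is an assumption to cut false positives.
PATTERN = re.compile(
    r"^https?://(?P<host>[^/]+)/cgi-bin/(?P<tag>[a-z0-9]{1,8})/(?P=tag)\.(?P<ext>html|jar)$",
    re.IGNORECASE,
)

def find_applet_landings(log_text):
    """Return {(client, host, tag): set of extensions fetched} for matching requests."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        client, _method, url = parts
        m = PATTERN.match(url)
        if m:
            key = (client, m["host"].lower(), m["tag"].lower())
            hits[key].add(m["ext"].lower())
    return dict(hits)

def triage(hits):
    """Rank clients that fetched both the landing page and the applet highest."""
    return {
        key: ("landing+applet" if exts == {"html", "jar"} else "partial")
        for key, exts in hits.items()
    }

if __name__ == "__main__":
    for key, verdict in sorted(triage(find_applet_landings(SAMPLE_LOG)).items()):
        print(key, verdict)
```

A "landing+applet" result means the client requested both files and should be checked for the detections named in the article; "partial" means only one of the two was requested.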

Researchers from Trend Micro said that the attack seemed to be related to a malicious plan for striking human rights activists.

Indeed, over recent months, cyber-criminals targeted the human rights NGO's homepage on at least a couple of occasions, indicating their persistence in aiming at the large number of visitors to the website. Presently, however, there is no malware on it. Nevertheless, it is suggested that owners of websites with a special attraction, such as those serving particular demographics, groups or organizations with a common interest, exercise the same caution against the sort of assaults described as businesses or corporate houses do.

Meanwhile, in December 2011, Barracuda Networks, another security company, reported that Amnesty International was attacked when cyber-criminals compromised its UK homepage. The website reportedly delivered malware that abused a recently patched security flaw in Java.

» SPAMfighter News - 1/11/2012