Cyber Crooks Leveraging Notorious NetTraveler Are Still Active, Finds Kaspersky

Kaspersky states that the crime gang behind the Advanced Persistent Threat Red Star, while leveraging the NetTraveler collection of malicious programs, continues to launch attacks, although it now applies a different attack technique.

Previously, during 2013, the criminals chiefly used spear-phishing e-mails to infect Internet users with a booby-trapped file attached to the messages; currently, however, they are either directing users to a booby-trapped website or inserting harmful JavaScript into websites, which then redirect to such a website.

In particular, the most recent wave of attacks targets China's Uyghur activists. The spear-phishing e-mails spotted told readers about a statement made by the spokesman of the World Uyghur Congress. A web link inside the e-mails appeared to point to the World Uyghur Congress site; however, it actually took users to wetstock[dot]org, a NetTraveler domain created to host Java attack code.

This attack code exploited a recently patched Java security flaw, CVE-2013-2465, to install Dorifel, identified as Trojan-Dropper.Win32.Dorifel.adyb, which is designed to steal data from infected PCs and relay it to its web server.

Alongside the targeted or personalized e-mails, Kaspersky's experts also found a watering hole attack, likewise targeting Uyghur activists.

According to these experts, the attackers hijacked the website of the Islamic Association of Eastern Turkistan and changed it so that users visiting it would be redirected to the same NetTraveler URL.

Costin Raiu, a researcher at Kaspersky Lab, said that neither the Java attack code leveraging CVE-2013-2465 nor the watering hole attack had been observed earlier for the gang using NetTraveler. Naturally, this proved more effective than e-mailing attachments laden with attack code, which had been the gang's most-used attack medium until now. Understandably, more new attack code could be integrated for use in the gang's attacks, Raiu added. Threatpost.com published this on September 3, 2013.

Importantly, Kaspersky now recommends that users keep Java up to date if they use it, or uninstall it entirely if they do not. They should also keep Microsoft Windows, Microsoft Office, Adobe Reader and other intermediate software up to date, and use a safe web browser that is developed and patched faster than Microsoft's Internet Explorer.

» SPAMfighter News - 9/10/2013
