2013 January 10 | Security Intelligence

Targeted Attacks
- Anonymous’ #OpPetrol: What is it, What to Expect, Why Care?
- RARSTONE Found In Targeted Attacks
- How Targeted Attacks And Cybercrime Go Together
- What Connections Between Attacks Say About Them
- Hiding in Plain Sight: A New Targeted Attack Campaign

Mobile
- Detecting Hidden Administrator Apps on Your Mobile Device
- Cybercriminals Improve Android Malware Stealth Routines with OBAD
- The Android Fragmentation Problem
- Mobile Device “Security”: The Problems of Remotely Disabling Stolen Phones
- Get Free Followers! on Instagram? Get Free Malware, Survey Scams Instead

January 2013
S	M	T	W	T	F	S
« Dec		Feb »
	1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30	31

Trendlabs Security Intelligence > 2013 > January> 10

Archive for January 10th, 2013

Jan10

Java Zero-Day Exploit In The Wild, Spreading Ransomware

5:04 pm (UTC-7) | by Bernadette Irinco (Technical Communications)

A new zero-day exploit in Java has been found in the wild. Currently, this exploit is being used by toolkits like the Blackhole Exploit Kit (BHEK) and the Cool Exploit Kit (CEK).

CEK is the creation of the same author responsible for Blackhole Exploit Kit. It appears to be a high-end version of the more accessible BHEK. Zero-day exploits are first incorporated into CEK and only added into BHEK once they have been disclosed. It has been reported that CEK was being used to distribute ransomware, particularly Reveton variants.

Currently, we detect the exploits as JAVA_EXPLOIT.RG, with the sites that load this exploit code detected as HTML_EXPLOIT.RG. The Reveton payloads are detected as TROJ_REVETON.RG and TROJ_REVETON.RJ.

Read the rest of this entry »