Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    July 2014
    S M T W T F S
    « Jun    
     12345
    6789101112
    13141516171819
    20212223242526
    2728293031  
    • About Us
    blog.trendmicro.com Sites > TrendLabs Security Intelligence Blog > Bad Sites > Java Zero-Days and the Blackhole Exploit Kit

    Last week’s Java zero-day vulnerability has been exploited by many exploit kits in the wild, including the familiar Blackhole Exploit Kit.

    In this blog entry, we thought we would describe some of the outbreaks related to this attack we’ve seen in the past week or so. Our automated processes that are a part of the Trend Micro™ Smart Protection Network™ started detecting and blocking these attacks as soon as they were spotted in the wild.

    A number of methods have been used to direct Internet users to the landing pages hosting these attacks, including:

    The usage of multiple ways to direct users to malicious sites definitely increase the chances of users stumbling into them, thus increasing the risk. In terms of the spam runs, we also saw several types of lures used:

    • Fake LinkedIn messages
    • Fake antivirus notifications
    • Faxes purporting to come from eFax
    • Fake Western Union money transfers

    The spammed messages contained links that would redirect users to compromised websites – which would then redirect to malicious landing pages. Landing pages are meant for two purposes: to scan the systems for any vulnerabilities, and to redirect to a corresponding exploit once a vulnerability is found.

    Looking at just one of the attacks using this new Java exploit, we were able to identify more than 300 malicious domains hosting landing pages, which were hosted on more than 100 servers.

    Almost half of the domains seen were hosted on the most well-recognized top-level domains: .com, .org and .net.

    Another finding is that almost half of the sites were hosted in the United States, with Russia hosting more than a fourth:

    Seems like most of the victims were also situated where the sites were hosted, as two-thirds of the victims we found were from the United States, with European countries making up the bulk of the remaining third.

    Trend Micro users are already protected from this through the Smart Protection Network. Furthermore, we advice users to consider if Java is necessary on their systems; if it is not, we recommend uninstalling it as it can pose a serious security risk. If it is needed, it must be kept up to date with the latest versions that are downloadable from Oracle.

    Trend Micro Deep Security users are also recommended to apply the rule 1005178 – Java Applet Remote Code Execution Vulnerability – 2 to protect from threats seen exploiting this Java vulnerability.


    Coming Soon: The TrendLabs Security Intelligence Blog will be the new Malware Blog





    Share this article
    		 Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon



    This entry was posted on Thursday, September 6th, 2012 at 9:36 am and is filed under Bad Sites, Exploits, Malware, Spam, Vulnerabilities . Both comments and pings are currently closed.



    Comments are closed.



     

    Other Trend Micro blogs
    CTO Insights
    CounterMeasures Blog
    Cloud Security Blog
    Consumerization Blog
    Fearless Web
    Internet Safety for Kids & Families
    Simply Security News
    Trend Micro Blog [German]
    TrendLabs Security Blog [Japan]
    Cloud Security APAC
    Trend Micro Free Tools Threat Encyclopedia Trend Micro Videos
    Do you have a product-related question? Visit our eSupport website.

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice