Dark Reading is part of the Informa Tech Division of Informa PLC

Java Attacks Spiking

Researchers see increase in malicious Trojans favoring built-in Java functionality over application-related vulnerabilities.

Attackers are increasingly relying on Java to execute drive-by attacks.

According to a recently released report from Kaspersky Lab, a fast-growing class of Trojan applications is using Java functionality, rather than operating system or application vulnerabilities, to infect computers with more malicious code "in the latter stages of a drive-by attack."

In particular, attackers "employ the OpenConnection method of a URL class" to deliver an Internet connection to their Trojan application, according to Kaspersky's Vyacheslav Zakorzhevsky. "Instead of exploiting vulnerabilities, [they] use standard Java functionality to download and run files from the Web. This is currently one of the prime download methods for malicious programs written in Java."

It's also quite prevalent, with two OpenConnection Trojans placing among the top 10 most-seen malicious programs last month. "At the height of their activity the number of computers on which these programs were detected in a 24-hour period exceeded 40,000," he said.
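The report's point is that these Trojans need no vulnerability, only the standard `URL.openConnection()` download path followed by process execution. A defender triaging extracted JAR members can therefore look for both API references in a class's constant pool. The following is an added example, not code from the article or from Kaspersky: it parses the constant pool per the JVM class-file format, extracts the Utf8 entries, and classifies the class; the sample class files are constructed for the test and are not real compiled classes.

```python
import struct
from typing import List

# Byte widths of fixed-size constant-pool entries, keyed by tag (JVM spec 4.4).
# CONSTANT_Utf8 (tag 1) is variable-length and is handled separately.
FIXED_SIZE = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4,
              12: 4, 15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}

# Exact constant-pool entries that mark the two halves of the pattern:
# fetch a file via URL.openConnection(), then run it.
DOWNLOAD_MARKERS = {"java/net/URL", "openConnection"}
EXECUTE_MARKERS = {"java/lang/Runtime", "exec", "java/lang/ProcessBuilder"}


def constant_pool_strings(data: bytes) -> List[str]:
    """Return every CONSTANT_Utf8 entry from a class file's constant pool."""
    if data[:4] != b"\xca\xfe\xba\xbe":
        raise ValueError("not a Java class file")
    (count,) = struct.unpack_from(">H", data, 8)   # constant_pool_count
    pos, idx, out = 10, 1, []                      # pool starts after the 10-byte header
    while idx < count:
        tag = data[pos]
        pos += 1
        if tag == 1:                               # Utf8: u2 length + modified-UTF-8 bytes
            (length,) = struct.unpack_from(">H", data, pos)
            out.append(data[pos + 2:pos + 2 + length].decode("utf-8", "replace"))
            pos += 2 + length
        elif tag in FIXED_SIZE:
            pos += FIXED_SIZE[tag]
        else:
            raise ValueError(f"unknown constant-pool tag {tag}")
        idx += 2 if tag in (5, 6) else 1           # Long and Double occupy two slots
    return out


def classify(data: bytes) -> str:
    """'download+execute', 'download', or 'clean', based on referenced APIs."""
    entries = set(constant_pool_strings(data))
    downloads = bool(entries & DOWNLOAD_MARKERS)
    executes = bool(entries & EXECUTE_MARKERS)
    if downloads and executes:
        return "download+execute"
    return "download" if downloads else "clean"


def build_class(strings: List[str]) -> bytes:
    """Constructed test input: a class-file header plus a pool of Utf8 entries only."""
    pool = b"".join(b"\x01" + struct.pack(">H", len(s)) + s.encode() for s in strings)
    return b"\xca\xfe\xba\xbe" + struct.pack(">HHH", 0, 50, len(strings) + 1) + pool
```

The heuristic is a triage aid, not a verdict: legitimate updaters reference the same APIs, so flagged classes still need review.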

Attackers have also recently been polishing the TDSS rootkit, which Zakorzhevsky describes as "one of today's most complex malicious programs." Last month, its creators modified it to take advantage of a task scheduler vulnerability in Microsoft Windows 7, Vista, and Server 2008, which was discovered by security researchers who were analyzing Stuxnet. The related vulnerability was patched by Microsoft in December.

If some attackers continue to push the envelope with Java and cutting-edge rootkits, others are still relying on what's tried and true, such as attacks against social networks and e-mail spam.

On the spam front, a report released by Sophos on Tuesday found that the United States continues to lead the world when it comes to relaying spam. In fact, from October to December 2010, 19% of all spam was relayed via the United States.

Interestingly, global spam volumes uncharacteristically dipped at Christmastime, with some industry watchers reporting that the normally prolific Rustock botnet appeared to be spewing less spam than usual.

But the dip suggests that "the bad guys are now using the botnet for other activities," said Graham Cluley, senior technology consultant at Sophos. "For instance, installing revenue-generating pop-up adverts or [practicing] identity theft [on] unsuspecting home users."

Furthermore, the dip was short-lived. As of Monday, said Cluley, the volume of spam being served by Rustock had returned to its pre-holiday levels.
