Java C00l Blend Exploit

Over the New Year period, 0-day exploits have been rampaging around. In our threat control lab we have looked into hits for the recently discovered 0-day that exploits a vulnerability (CVE-2013-0422) in the latest version of Java (1.7 update 10).

Our records indicate that an exploit from the Cool exploit kit has been active since January 8th this year, if not before. Example file names seen so far are 2233.jar, 2332.jar and some randomised ones, downloaded from different domains that serve the exploit and other malware.

On successful execution on a victim’s machine, the 0-day under discussion exploits the vulnerability in the Java environment and downloads a Windows executable file, which currently is a Ransomware Trojan in most of the occurrences.

Fortunately, K7 users are proactively shielded from this 0-day attack by the Carnivore technology embedded in K7 security products. Here is a screenshot that depicts K7 security products blocking an attempt to exploit the vulnerability.

[Screenshot: K7 security product blocking the exploit attempt]

V.Dhanalakshmi
Malware Analyst, K7TCL


About k7press

Antivirus Vendor - distributor for United Kingdom and Republic of Ireland
