Blog da Zscaler

Receba as últimas atualizações do blog da Zscaler na sua caixa de entrada

Inscreva-se
Security Research

300% Increase In Malicious JARs

image
THREATLABZ
May 14, 2010 - 2 Min. de leitura

ImageWhile doing some stats & trends on our data, I noticed that there has been a steady rise in the number of malicious Java Archive (JAR) files that we are blocking (pulling data from both within our logs and denylists). While malicious JAR files remain a relatively small threat volume for our users (<100 incidents a month), roughly speaking there has been about a 300% increase in malicious JAR files per month observed from January 2010 to present. While our data is a small subset of the Internet as a whole, from the increases that I am seeing in our logs and the increased chatter on malicious JARs within security mailing lists, I believe it is safe to say that there has been an overall increase in malicious JARs on the Internet. There are a number of reasons supporting this increase, including:

 

  • Inclusion of JAVA exploits (for example, CVE-2008-5353 and CVE-2009-3867) within popular exploit kits (for example, Pheonix2, Eleonore, and Liberty)
  • Usage of JARs to obfuscate and redirect to malicious payloads (I used the DJ decompiler to analyze one of these the other day)
  • Tavis Ormandy's April 2010 discovery of the Java Web Start Argument Injection Vulnerability (Full Disclosure posting)
  • Adoption of the Java Signed Applet exploit (Metasploit rev. 8267, Java Applet Infection post)

Trojan executables, malicious PDFs, and browser exploits are much more prevalent than exploits against Java/JRE - but it will be interesting to continue to monitor this trend.

 

form submtited
Obrigado por ler

Esta postagem foi útil??

Receba as últimas atualizações do blog da Zscaler na sua caixa de entrada

Ao enviar o formulário, você concorda com nossa política de privacidade.