Blog de Zscaler

Reciba en su bandeja de entrada las últimas actualizaciones del blog de Zscaler

Suscríbase
Security Research

300% Increase In Malicious JARs

image
THREATLABZ
mayo 14, 2010 - 2 Min de lectura

ImageWhile doing some stats & trends on our data, I noticed that there has been a steady rise in the number of malicious Java Archive (JAR) files that we are blocking (pulling data from both within our logs and denylists). While malicious JAR files remain a relatively small threat volume for our users (<100 incidents a month), roughly speaking there has been about a 300% increase in malicious JAR files per month observed from January 2010 to present. While our data is a small subset of the Internet as a whole, from the increases that I am seeing in our logs and the increased chatter on malicious JARs within security mailing lists, I believe it is safe to say that there has been an overall increase in malicious JARs on the Internet. There are a number of reasons supporting this increase, including:

 

  • Inclusion of JAVA exploits (for example, CVE-2008-5353 and CVE-2009-3867) within popular exploit kits (for example, Pheonix2, Eleonore, and Liberty)
  • Usage of JARs to obfuscate and redirect to malicious payloads (I used the DJ decompiler to analyze one of these the other day)
  • Tavis Ormandy's April 2010 discovery of the Java Web Start Argument Injection Vulnerability (Full Disclosure posting)
  • Adoption of the Java Signed Applet exploit (Metasploit rev. 8267, Java Applet Infection post)

Trojan executables, malicious PDFs, and browser exploits are much more prevalent than exploits against Java/JRE - but it will be interesting to continue to monitor this trend.

 

form submtited
Gracias por leer

¿Este post ha sido útil?

Reciba en su bandeja de entrada las últimas actualizaciones del blog de Zscaler

Al enviar el formulario, acepta nuestra política de privacidad.