Java vulnerabilities exploited to push the ZeroAccess Trojan

Jun 19, 2013 08:43 GMT

Earlier this week, Government Security News (GSN) took down its gnsmagazine.com website after identifying a piece of malware on it. Visitors to the site had been served malicious code from a known malware distributor.

After investigating the incident, Zscaler experts found that at least 65 websites had been compromised, some as early as June 13.

Researchers discovered that the attack had three steps. In the first step, malicious advertisements from openxadvertising.com were injected into the sites.

Then, victims were redirected to domains such as googlecodehosting.com, googlecodehosting.org, and googlecodehosting.net, which delivered a malicious .jar file.

This .jar file is designed to exploit two known Java vulnerabilities in an effort to download the notorious ZeroAccess Trojan onto the victims’ computers.
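For defenders reviewing web-proxy logs, the three-step chain can be correlated per client. The following is an added example, not code from the article or from Zscaler; the log format, client addresses, paths and the 120-second window are assumptions, and only the domain names come from the text above.

```python
from datetime import datetime, timedelta

# Domains named in the article; everything else here is constructed.
AD_HOST = "openxadvertising.com"
REDIRECT_HOSTS = ("googlecodehosting.com", "googlecodehosting.org",
                  "googlecodehosting.net")

# Constructed sample lines: "<timestamp> <client> <host> <path>"
SAMPLE_LOG = """\
2013-06-14T10:00:00 10.0.0.5 openxadvertising.com /a
2013-06-14T10:00:02 10.0.0.5 googlecodehosting.net /b
2013-06-14T10:00:03 10.0.0.5 googlecodehosting.net /c.jar
2013-06-14T10:01:00 10.0.0.6 openxadvertising.com /a
2013-06-14T10:05:00 10.0.0.7 googlecodehosting.org /c.jar
2013-06-14T10:06:00 10.0.0.8 example.org /lib.jar
2013-06-14T10:07:00 10.0.0.9 openxadvertising.com /a
2013-06-14T10:20:00 10.0.0.9 googlecodehosting.com /b
""".splitlines()

def _in_domain(host, domain):
    # Match the domain itself or any subdomain, never a look-alike suffix.
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def stage_of(host, path):
    """0 = unrelated, 1 = ad served, 2 = redirect host hit, 3 = .jar fetched."""
    if _in_domain(host, AD_HOST):
        return 1
    if any(_in_domain(host, d) for d in REDIRECT_HOSTS):
        return 3 if path.split("?")[0].lower().endswith(".jar") else 2
    return 0

def find_chains(lines, window=timedelta(seconds=120)):
    """Map each client that loaded the ad to the furthest stage it reached."""
    last = {}     # client -> time of its most recent chain event
    reached = {}  # client -> furthest stage seen
    for line in lines:
        ts, client, host, path = line.split()
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S")
        stage = stage_of(host, path)
        if stage == 1:
            last[client] = when
            reached.setdefault(client, 1)
        elif stage > 1 and client in last and when - last[client] <= window:
            last[client] = when
            reached[client] = max(reached[client], stage)
    return reached

if __name__ == "__main__":
    for client, stage in sorted(find_chains(SAMPLE_LOG).items()):
        print(client, "reached stage", stage)
```

Clients that reach stage 3 fetched a .jar and warrant endpoint triage first. A client such as 10.0.0.7, which hit a redirect domain without a preceding ad request, is not reported by this correlator and should be caught by a plain domain match.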

Zscaler has notified all the impacted websites of the incident. GSN has confirmed that its website is now clean.