Security researchers from Kaspersky Lab warn that the wave of spam emails taking advantage of the disaster in Japan continues with a new campaign that leads users to Java exploits.The latest spam run claims to link to a news article about the quake being the costliest disaster in the world's history.
However, Kaspersky Lab's Nicolas Brulez
warns that the links lead to Java-based exploits that use the OpenConnection method to download malware.
The exploits are detected by Kaspersky's products as Downloader.Java.OpenConnection.dn and Downloader.Java.OpenConnection.do, and drop a malicious VBS script file.
The VBS's purpose is to download and install even more malicious applications on the infected computers, adware in particular.
"
Once infected, the computer starts displaying localized ads," the researcher notes, but points out that "
on one successful infection, we counted as many as five malicious executables being run, one DLL being registered as a service, and a lot of task scheduler job files being created."
Java OpenConnection-based malware has become very prevalent in recent months and variants of such threats are constantly showing up at the top of monthly attack statistics released by antivirus vendors.
It's also a well known fact that cyber criminals are exploiting major news, especially those about natural disasters and tragedies, to spread malware.
Because of this, people are strongly encouraged to get their news only from reputable sources and discard any unsolicited emails claiming to lead to news stories.
Keeping popular software like Java, Adobe Reader, Adobe Flash Player, and the operating system itself up to date can help prevent a lot of attacks, while using an updated and capable antivirus solution at all times is equally important.
Other attacks capitalizing on the Japan earthquake include relief scams, poisoned search results and social networking worms.
Find us on Google+
