May 4, 2011 17:12 GMT

Security researchers from Kaspersky Lab have intercepted a drive-by download attack on imageshack.us that was launched through a malicious advertisement. The malvertizement was loaded from a [censored]mediagroup.com domain and served an exploit for an older vulnerability in Java that was patched in 2010 (CVE-2010-4452).

The attack was spotted by Kaspersky Lab expert David Jacoby while investigating a recent hacking incident that involved images hosted on ImageShack.

The exploit attempted to install Trojan.win32.TDSS.cgir on visitors' computers. This is a rootkit from the notorious TDSS family which is capable of hiding itself from anti-malware products in the lowest levels of the operating system.

There are currently no details about how the malicious advertisement made its way onto the popular image hosting website, but some of the most common methods involve impersonating a legit advertiser or compromising an internal ad server.

We don't know if ImageShack is selling advertising directly, if it relies on an ad network, or both, so we can't speculate regarding the most likely cause.

The fact that this attack uses an old Java exploit suggests that there are many outdated Java installations out there. In most cases people don't even know that they have Java installed or that they need to update it.

Oracle has been criticized, just like Adobe, for its inefficient Java Update mechanism. In addition, people hardly ever need Java on the web these days, and considering the unusually high number of attacks targeting the technology, it's probably safer to uninstall Java plug-ins from browsers entirely.

Users are advised to always keep their software and operating system up to date and to run an updated antivirus program capable of filtering and scanning web traffic.