A new malware exploit kit (a packaged set of exploits designed to be purchased and used by cyber criminals) has been discovered that uses a new tactic to avoid detection by anti-malware tools. The usual drive-by exploit kits infect the user’s computer as soon as the browser visits a malicious Internet website. This one, called “g01pack”, splits its work into two stages to perform the exploit and the subsequent infection.
The first stage of the attack, when your browser visits the malicious site, executes program code that launches a second stage, in which Java code is run in a separate process. That second stage then downloads the final payload and runs it on your computer.
Why two stages? To “distance the attack launch site from its final destination.” This accomplishes two objectives: 1. the attack is more likely to bypass some security products, because each stage on its own appears less harmful; and 2. the source of the attack is not easily identified by forensic analysis.
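From the defender’s side, the giveaway of this two-stage design is the process chain itself: a browser starts a separate Java process, and that Java process then launches something new. The following is an added example (not code from the article or from the exploit kit’s analysts) showing a simple process-lineage check over constructed process-creation events; the browser and Java image names, PIDs and file names are assumptions for illustration, so adapt the field names to your own EDR or Sysmon telemetry.

```python
# Added example: flag browser -> Java -> new executable process chains, the
# two-stage pattern described in the post. All event data below is constructed.
from collections import defaultdict

BROWSERS = {"chrome.exe", "firefox.exe", "iexplore.exe"}   # assumed image names
JAVA = {"java.exe", "javaw.exe"}                           # assumed image names

# Constructed sample of process-creation events: (pid, ppid, image name)
SAMPLE_EVENTS = [
    (100, 1, "explorer.exe"),
    (200, 100, "chrome.exe"),
    (300, 200, "javaw.exe"),          # stage 1: browser spawns a Java process
    (400, 300, "update_7f3.exe"),     # stage 2: Java launches the downloaded payload
    (500, 100, "javaw.exe"),          # Java started from the shell: benign lineage
    (600, 500, "notepad.exe"),
]

def find_two_stage_chains(events):
    """Return (browser, java, child) image-name triples for every chain in which
    a browser spawned a Java process that in turn spawned another process."""
    by_pid = {pid: (ppid, image) for pid, ppid, image in events}
    children = defaultdict(list)
    for pid, ppid, _ in events:
        children[ppid].append(pid)
    chains = []
    for pid, (ppid, image) in by_pid.items():
        # Only Java processes whose parent we can see are candidates.
        if image.lower() not in JAVA or ppid not in by_pid:
            continue
        parent_image = by_pid[ppid][1]
        if parent_image.lower() not in BROWSERS:
            continue
        # Anything the browser-spawned Java process launches is the suspect payload.
        for child in children[pid]:
            chains.append((parent_image, image, by_pid[child][1]))
    return chains

if __name__ == "__main__":
    for chain in find_two_stage_chains(SAMPLE_EVENTS):
        print("suspicious chain:", " -> ".join(chain))
```

The benign Java process started from the shell is deliberately ignored; only the browser-rooted chain is reported.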
“The final payload is, of course, malware – we noticed many malware families being distributed by this specific exploit kit – Zeus, Torpig, Gozi, Shylock, and there are most likely many others. The exploit kit is used to infect targets globally, with the current infection rate estimated at 1:3,000 machines per month (payload executions from this exploit kit alone!). This very high infection rate proves the effectiveness of this multi-stage approach. Therefore, it is highly likely that other exploit kits will incorporate a similar approach.”
Reference: Net-security.org article
Be very careful…it’s dangerous out there.
Please comment on this article; we all learn from each other when our views and opinions are shared.
I hope you found this article of interest. If you enter your email address in the Email Subscriptions box on the right column of this page, I’ll send you an email when a new article is posted. I don’t share your email address with anyone…no one; I hate spam too. Please share my site with your friends and family. Thanks.
Remember, personal computing is a blast…keep it safe, productive and enjoyable.
I’m also on Twitter, @PaulsInternet.
Images courtesy of Malware logo Crystal 128. (Photo credit: Wikipedia)