Red October relied on Java exploit to infect PCs

[InfoSec News <alerts () infosecnews org>]

http://arstechnica.com/security/2013/01/massive-espionage-malware-relied-on-java-exploit-to-infect-pcs/

By Dan Goodin
Ars Technica
Jan 14 2013

Attackers behind a massive espionage malware campaign that went 
undetected for five years relied in part on a vulnerability in the 
widely deployed Java software framework to ensnare their victims, a 
security researcher said.

The unknown attackers infected computers operated by the Russian 
Federation, Iran, the US, and at least 36 other countries. They used 
highly targeted malware to collect what's believed to be hundreds of 
terabytes of sensitive data, according to researchers from antivirus 
provider Kaspersky Lab. The success of the covert operation is largely 
the result of malware and phishing e-mails that were highly customized 
for each victim.

Now, Aviv Raff, a researcher with Israel-based Seculert, said he has 
uncovered a website used to infect some of the victims of Operation Red 
October (as the campaign has been dubbed). The website exploited a 
critical Java vulnerability identified as CVE-2011-3544, allowing the 
attackers to surreptitiously execute malicious code on visitors' 
computers. Although Oracle developers patched the bug in October, 2011, 
the malicious Java archive file was compiled the following February.

Raff's discovery provides a window into the inner workings of an 
espionage campaign that collected passwords, cryptographic keys, and 
sensitive diplomatic intelligence from some of the world's biggest 
governments. They include a pseudo-randomly generated unique ID the 
malicious executable assigned to each newly infected computer.

[...]


______________________________________________
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
http://www.shopinfosecnews.org