Inside AnonJDB – a Java-based malware distribution platform for drive-by downloads


by Dancho Danchev

With the ever-decreasing prices of underground tools and services, driven by the commoditization of these very same market items, the cost of renting a botnet or purchasing access to already infected hosts keeps falling.

Although the majority of cybercriminals compromise end users and corporate users by exploiting client-side vulnerabilities in outdated third-party applications and browser plugins, a separate branch of cybercriminals specializes in delivering its payload using nothing but good old-fashioned social engineering.

Following my previous post, Inside a clickjacking/likejacking scam distribution platform for Facebook, in this post I will profile AnonJDB – a Java-based malware distribution platform for drive-by downloads.

What exactly is AnonJDB?

Its advertised features include:

  • Polymorphic HTML Code Infection Page Encryption
  • Custom Applet Names, Very Simple to Change
  • Polymorphic 100% FUD Jar File
  • Polymorphic iFrame Generator
  • Polymorphic Spreading File Generator
  • (Optional) Dual Infection Via Adobe Flash Update
  • Hosted by Our Systems
  • Website Cloner
  • Guaranteed 100% FUD Jar File
  • URL Redirection
  • Set File Name to Save As
  • Download File From an Alternate Web Server
  • Choose Storage Directory Ex: %APPDATA%
  • Statistics Page

A peek inside AnonJDB’s command and control interface:

Package prices for AnonJDB:

  • $10.00 USD – 1 month
  • $20.00 USD – 3 months
  • $35.00 USD – 6 months
  • $50.00 USD – 1 year

What’s particularly interesting about AnonJDB is its easy-to-manage command and control interface, and the fact that the cybercriminals offer “Dual Infection Via Adobe Flash Update”, similar to the fake Adobe Flash Player update screen profiled in my previous post, Inside a clickjacking/likejacking scam distribution platform for Facebook.

In the past, malicious attackers relied on compromised FTP accounts to embed malicious iFrames into the pages of compromised domains. Nowadays this work is outsourced to a vendor offering managed hosting for the entire platform, including a supply of fully undetected (FUD) malicious Java applets and executable binaries.

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on Twitter.

About the Author

Name: Dancho Danchev
Role: Retired ThreatBlog Member


Dancho Danchev is an internationally recognized security blogger, cybercrime researcher, and public speaker. He’s been an active security blogger since 2006, maintaining a popular security blog where he shares detailed analyses of the tactics, techniques, and procedures (TTPs) of malicious and fraudulent adversaries.

You can find out more about Dancho’s expertise and experience at his LinkedIn Profile, or at Wikipedia.

You can also follow him on Twitter, Google+ or Facebook.
