Posts Tagged: DIY Malicious Java Applet Generator


A peek inside a CVE-2013-0422 exploiting DIY malicious Java applet generating tool

by

On a regular basis we profile various DIY (do it yourself) releases offered for sale on the underground marketplace with the idea to highlight the re-emergence of this concept which allows virtually anyone obtaining the leaked tools, or purchasing them, to launch targeted malware attacks. Can DIY exploit generating tools be considered as a threat to the market domination of Web malware exploitation kits? What’s the driving force behind their popularity? Let’s find out by profiling a tool that’s successfully generating an exploit (CVE-2013-0422) embedded Web page, relying on malicious Java applets. More details:

Continue Reading »

New DIY unsigned malicious Java applet generating tool spotted in the wild

by

By Dancho Danchev Just as we anticipated on numerous occassions in our series of blog posts exploring the emerging DIY (do it yourself) trend within the cybercrime ecosystem, novice cybercriminals continue attempting to steal market share from market leaders, in order for them to either gain credibility within a particular cybercrime-friendly community, or secure a revenue stream. Throughout 2012, we’ve witnessed the emergence of both, publicly obtainable, and commercially available, DIY unsigned Java applet generators. Largely relying on social engineering thanks to their built-in feature allowing them to “clone” any given Web site, these tools remain a popular attack vector in the arsenal of […]

Continue Reading »