New Drive-By Spam Infects Those Who Open Email -- No Attachment Needed


Bear

i don't doubt it, but... that doesn't mean the answer is easy to find.
if it were that easy, the question would never have needed to be asked.

I found it in .1 seconds
 

Virus Guy

Ant said:
It hides what they're doing and the domain from the casual observer.


That's what you see when the script is deobfuscated. Sometimes the
tags and link are not hidden. I've seen Blackhole pages (main.php)
where the first reference to a Java applet is in the clear, followed
by all the other exploits in obfuscated script.

Are there usually different (separate) settings to disable JavaScript
AND disable Java?

If so, aren't malware authors / spammers shooting themselves in the foot
by depending on JavaScript NOT being disabled on the target system?

Wouldn't they get further in their effort to exploit a target if they
bypassed the JavaScript stage and went directly to the Java method?

Does anyone here have any further info on this apparently new spam
infection mechanism as described in the original post?
 

Dustin

Dustin...it's all over the web!

As are bomb-making instructions. As a professional, however, it wouldn't be
appropriate for me to either post malicious code samples or provide you
a specific locale to get it.
 

Dustin

On 1/29/2012 3:06 PM, Dustin wrote:
in news:[email protected]: [snip]
How can an e-mail be crafted to auto-run java CODE _without_
requiring the user to "click" on any embedded links?

It would be poor judgement to Provide sPecifics on doing that.

Dustin...it's all over the web!

i don't doubt it, but... that doesn't mean the answer is easy to
find. if it were that easy, the question would never have needed to
be asked.

I found it in .1 seconds

and happily posted it. putting potentially harmful code samples in the
hands of those who don't grasp the concepts to handle it safely. it's
irresponsible imo. virusguy has demonstrated that he's not in a position
to study malicious code without risk to his and other systems.

it doesn't help to reduce the malware issue when stupid things like this
are done. rather, it contributes to more 0wned systems and unnecessary
network traffic we all eventually pay for.

I don't support censorship but i do think some information shouldn't be
provided unless/until said person has a clear and thorough understanding
of the pros and cons. You wouldn't let a 5-year-old play with a loaded
pistol. When he's older and understands! is when he can safely handle
said pistol.

I hope you take this post as intended, as it's taken me over ten minutes
(I broke my right hand Sat night) to type this left-handed only. :(. I
mean no ill will and I'm not trying to seem like an arrogant prick but
malware is not a joke and shouldn't be taken lightly.
 

Bear Bottoms

On 1/29/2012 3:06 PM, Dustin wrote:
in[snip]
How can an e-mail be crafted to auto-run java CODE _without_
requiring the user to "click" on any embedded links?

It would be poor judgement to Provide sPecifics on doing that.

Dustin...it's all over the web!

i don't doubt it, but... that doesn't mean the answer is easy to
find. if it were that easy, the question would never have needed to
be asked.

I found it in .1 seconds

and happily posted it. putting potentially harmful code samples in the
hands of those who don't grasp the concepts to handle it safely. it's
irresponsible imo. virusguy has demonstrated that he's not in a
position to study malicious code without risk to his and other
systems.

it doesn't help to reduce the malware issue when stupid things like
this are done. rather, it contributes to more 0wned systems and
unnecessary network traffic we all eventually pay for.

I don't support censorship but i do think some information shouldn't be
provided unless/until said person has a clear and thorough
understanding of the pros and cons. You wouldn't let a 5-year-old play
with a loaded pistol. When he's older and understands! is when he can
safely handle said pistol.

I hope you take this post as intended, as it's taken me over ten
minutes (I broke my right hand Sat night) to type this left-handed
only. :(. I mean no ill will and I'm not trying to seem like an
arrogant prick but malware is not a joke and shouldn't be taken
lightly.

We all travel at our own risks. I appreciate your view though I disagree
with it...fair enough.

One thing about the www...it virtually eliminated those secrets. Better
to be guided by professionals IMO. Teach to fish.
 
