Security Response

Showing posts tagged with Java
Karthikeyan Kasiviswanathan | 27 Oct 2011 | 0 comments

Recently, blogs about a specific mass injection campaign have begun to appear. We take this opportunity to report what Symantec has found.

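This attack has already picked up pace, and many unsuspecting users have been infected. The attack starts with a script injected into certain sites, and the script itself points to one particular site: http://[REMOVED]/urchin.js. In this blog, we will look at several of the exploits this attack uses to install malicious files on a compromised computer.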

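When a user visits a site with the injected script, the user is redirected to a malicious site. Further redirection follows, and the user is eventually led to a site that contains an obfuscated script. When this script is decoded, it reveals an embedded iFrame tag. De-obfuscating the iFrame tag embedded in this site yields the following.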

The page displays a video with a play button, but clicking this button brings up a fake message recommending an Adobe Flash Player update, as shown in the following figure.

Clicking [Don’t Install] only causes the message asking to install the update to be repeated.

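The i.html page also hides numerous exploits. As a countermeasure against de-obfuscation, the script uses the argument.callee function. This function has been seen in many malicious scripts, and it is the part outlined in red in the following figure.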

...

Karthikeyan Kasiviswanathan | 26 Oct 2011 | 0 comments

In recent days, we have seen blogs about a specific type of Mass Injection campaign. We take this opportunity to publish our findings in this blog.

This particular campaign has already picked up pace and it is infecting a lot of innocent users out there. It all starts with a script that is injected into certain sites. The script itself points to one particular site: “http://[REMOVED]/urchin.js”. Throughout this blog, we will see the different exploits that this particular campaign uses in order to install malicious files onto a compromised computer.

Upon visiting a site with the injected script, the user is redirected to a malicious site. A subsequent redirection takes the user to a site that contains an obfuscated script. When the script is decoded, it reveals an embedded iFrame tag. Below is an example of the de-obfuscated iFrame tag embedded in the site.

...

Greg Ahmad | 30 Apr 2010 | 0 comments

Web browsers are an integral part of home and business computing environments and one of the most popular and ubiquitous applications on computer systems. Due to their popularity, the exploitation of security vulnerabilities in browsers is a common method for attackers to compromise computers. Vulnerabilities in browsers and browser plug-ins facilitate the propagation of malware, as well as aid in other attacks such as fraud and the theft of sensitive information. Not only are these issues used to compromise computers in targeted attacks, but vulnerabilities affecting browser applications are also exploited en masse by malware, bot networks, and exploit toolkits. Nowadays, attacks that take advantage of vulnerabilities in browsers and other associated applications such as browser plug-ins are very common. According to the recent Symantec Global...

Adrian Pisarczyk | 27 Apr 2010 | 0 comments

Far gone are the times when truly remote server-side vulnerabilities were the most popular vectors for compromising machines and attacking organizations. More than 93 percent of vulnerabilities exploited in recent years have been client-side security flaws, as discussed in the Symantec Global Internet Security Threat Report. They are used in both targeted attacks and massively widespread drive-by attacks to create botnets. One type of these sorts of vulnerabilities is browser and browser-related issues. In many cases they merely require a victim to follow a single link to become compromised. There is a continuous race between browser developers, vulnerability researchers, and exploit writers. In this year’s Pwn2Own contest at the CanSecWest Applied Security Conference, all of the most popular browsers except Google Chrome were successfully exploited on the first day. The list included Apple...