|04 May 2013||#1|
| || |
Multi-stage exploit attacks for more effective malware delivery
Most drive-by exploit kits use a minimal exploit shellcode that downloads and runs the final payload. This is akin to a two-stage ICBM (InterContinental Ballistic Missile) where the first stage, the exploit, puts the rocket in its trajectory and the second stage, the payload, inflicts the damage.
In the cybercrime world, the de-coupling of the first stage from the payload is designed to make sure that an exploit kit is as generic as possible and can deliver all possible payloads, provided that the payloads only need native execution (either as a standalone executable – files with an “.exe” file extension, or DLL registration via RegSvr32 – files with a “.dll” extension).
We recently found that a Java exploit kit called ‘g01pack’ has added another ‘mid-course’ stage, turning the infection process into a multi-stage attack. The first stage of the attack, the exploit shellcode, executes a second stage, in which a Java class runs in a separate Java process. This second Java process then downloads and runs the final payload. We believe this discovery represents the first instance of an exploit kit delivering its payload via a multi-stage attack.
|My System Specs|
|Similar help and support threads for2: Multi-stage exploit attacks for more effective malware delivery|
|Multi-stage copy/paste?||General Discussion|
|Antivirus Suites Struggle to Block Exploit-based Attacks||Security News|
|Web malware exploitation kits updated with new Java exploit||Security News|
|USB Malware Attacks On the Rise||Security News|
|Most Effective Antivirus Tools Against New Malware||System Security|
|Microsoft bracing for malware attacks from embedded fon||System Security|
|Vicious Malware Attacks Via Antivirus Ads||News|
|Our Sites ||Site Links ||About Us ||Find Us |
© Designer Media Ltd
All times are GMT -5. The time now is 10:10 PM.