4/04/2011

Spreading malicious file about Libyan revolution

1. Introduction

Recently, a malicious file related to the Libyan revolution, which has been on the front pages of newspapers lately, has been detected spreading.
Major global events, such as the earthquake in Japan, are the easiest lures for social engineering by cyber criminals and malicious file distributors.



2. Spreading path and symptoms of infection

The site and its domain appear to have been created only recently. It offers news about Libya.


The site provides most of its content through links to reputable organizations.
It also downloads additional malicious files through a Java applet when the page is visited.

* Downloaded file

- FreeLibya.jar (2,762 bytes)

Because the file name "FreeLibya.jar" is itself related to Libya, users can easily be lured.
Whether the jar file is downloaded, however, depends on the Java JDK version currently installed.



* When JDK hasn't been installed



* When JDK has been installed







Once the downloaded jar file is executed, it downloads an additional malicious file, "javaclient.exe", through its internal class file.

Internal code of the decompiled class file

If the downloaded malicious file "javaclient.exe" is executed, it creates a copy of itself at the following path and sets a registry entry so that it starts automatically at boot.

* Generated file
- (User temporary folder)\svc21host.exe (1,130,496 bytes)

* Generated registry
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- Name : svc21host
- Data : (User temporary folder)\svc21host.exe

* (User temporary folder) generally means "C:\Documents and Settings\(User account)\Local Settings\Temp".

Furthermore, it keeps connecting to a certain external site continuously, as shown in the following figure; as a result, the PC can become part of a botnet.



3. How to prevent

Global issues attract public attention, and malware authors and cyber criminals exploit that with social engineering to distribute malicious files.
To keep PCs safe from the security threats posed by such malicious attachments, we recommend the following "Security management tips" for general users.
※ Security management tips

1. Keep the OS and applications up to date with the latest security updates.
2. Use anti-virus software from a trustworthy security company, keep its engine updated to the latest version, and keep real-time detection enabled.
3. Do not open or download attachments from suspicious e-mails.
4. Be cautious of links received through instant messengers and social networking services.

INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis and treatment for malicious files such as the one described above and operates a response system against various security threats.

4 comments:

  3. I won't try to download it. I care about my PC. That's kinda dangerous.