[Warning] Malicious file spreading via a famous private internet broadcasting site

1. Introduction

On December 10, 2011, a malicious file was spreading through an external AD link when users accessed a popular private internet broadcasting web site.
The malicious file was spread over the weekend and was assumed to be an APT (Advanced Persistent Threat).
Notably, the origin of the malicious file differed depending on the access time. Server administrators need to be careful when operating servers.

When a user visits the Axxxx web site, famous for its real-time private internet broadcasting system, the malicious file can infect the user's PC by exploiting vulnerabilities in JAVA and Adobe Flash Player.
Therefore, the latest security updates are needed. Without them, simply accessing the web site can make the visiting user a victim.

2. Spreading path and symptoms of infection

The malicious file is spread from an AD server belonging to external partners. When users click the AD, exploit code will be run.

Accessing the private broadcasting service at http://www.a******.com redirects the user to http://www.a******.com/ad/af_station_AD.htm, and the af_station_AD.js script is activated.

The AD is located at the top left of the site and changes frequently.
Since the security level of a popular web site is usually relatively high, the malicious file distributors seem to have chosen the AD server for distribution instead.

When the external AD service list is connected, the malicious code located in an iframe inside it is activated and ad.html is loaded.

Using vulnerabilities in Adobe Flash Player and the JAVA Applet, java.exe and an XOR-encrypted EXE malicious file disguised as ie67.gif will be downloaded and will try to infect the user's PC.
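A triage check for the "EXE disguised as ie67.gif" case described above, added here as an example and not taken from the original analysis. It assumes a single-byte XOR key (the page does not state the key scheme), and the function names and sample bytes are constructed for illustration.

```python
import struct

GIF_MAGICS = (b"GIF87a", b"GIF89a")


def xor_bytes(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)


def classify_gif_download(data: bytes) -> dict:
    """Triage the body of a file or HTTP response that is named *.gif."""
    if data[:6] in GIF_MAGICS:
        return {"verdict": "gif", "key": None}
    if len(data) < 0x40:
        return {"verdict": "unknown", "key": None}
    # Assumption: single-byte XOR. If the plaintext starts with "MZ",
    # the key is fully determined by the first byte.
    key = data[0] ^ ord("M")
    if data[1] ^ key != ord("Z"):
        return {"verdict": "unknown", "key": None}
    # e_lfanew (offset 0x3C, little-endian u32) points at the "PE\0\0" signature.
    e_lfanew = struct.unpack("<I", xor_bytes(data[0x3C:0x40], key))[0]
    if xor_bytes(data[e_lfanew:e_lfanew + 4], key) == b"PE\x00\x00":
        return {"verdict": "pe" if key == 0 else "xor-pe", "key": key}
    return {"verdict": "unknown", "key": None}


def constructed_pe_stub() -> bytes:
    """Constructed sample: just enough DOS/PE header to exercise the check."""
    stub = bytearray(0x48)
    stub[0:2] = b"MZ"
    stub[0x3C:0x40] = struct.pack("<I", 0x40)
    stub[0x40:0x44] = b"PE\x00\x00"
    return bytes(stub)


if __name__ == "__main__":
    samples = {
        "real.gif (constructed)": b"GIF89a" + bytes(32),
        "ie67.gif (constructed, key 0x5A)": xor_bytes(constructed_pe_stub(), 0x5A),
    }
    for name, body in samples.items():
        print(name, classify_gif_download(body))
```

A ".gif" that returns "pe" or "xor-pe" from a proxy capture or a browser cache is worth escalating; "unknown" only means this one scheme did not match.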

ad.html checks the user's browser version (IE 6.0~8.0) and selects the exploit code accordingly. It then links iframes to exploit code pages including ad2.html, ad1.htm and java.html.
java.html loads the malicious Applet.jar, which, based on the ScriptEngineExp.class inside it, renames java.exe to xxoo.exe and downloads it to the Temp folder.

Various variants of this malicious file have been reported, so users could be exposed to those variants as well.
In addition, it uses a cookie file to control access to the exploit code URLs, and it disrupts the normal operation of anti-virus products by installing a malicious driver-type file (kill.sys).

Finally, the malicious file will try to leak the account information of domestic on-line game users.

3. How to prevent
Applying the security updates for each product is the most important step in staying safe from infection, especially for Adobe Flash Player and Oracle Java. Using a trustworthy anti-virus program and a personal firewall is also needed.
INCA Internet's Emergency Response Team is updating and distributing the latest patterns for our nProtect Anti-Virus family.

Security management tips

1. Keep the OS and applications up to date with the latest security updates.
2. Use anti-virus software from a trustworthy security company, keep its engine updated to the latest version, and use its real-time detection function.
3. Do not open or download attached files from suspicious e-mail.
4. Be cautious with links from instant messengers and SNS.
5. Execute downloaded files only after scanning them with anti-virus software.

INCA Internet (Security Response Center / Emergency Response Team) runs a response system against various security threats.

