Information Security Professionals Warn Against Rising Drive-by Attacks based on Java Functionality 


by iClass - Wednesday, January 12, 2011
Attackers are finding new ways to by-pass security mechanisms. Recently, information security professionals have identified the trend of using java functionality to launch drive-by-attacks. In case of drive-by attacks, offenders tempt Internet users to click on a pop-up or fake error messages with malicious content. Alternatively they may append malicious script tag at the end of a legitimate URL. All new visits to the site will result in automatic download of malicious content.

Usually, attackers exploit the vulnerabilities in operating systems and web applications to inject malicious code or install malware. Experts have witnessed rise in a new breed of Trojan applications, which rely on the java functionality to inject more malicious code in computer systems. In this case, attackers use the open connection method of a URL Class to connect a Trojan Application to the Internet.

When users click on a program infected with the Trojan, they inadvertently allow a malicious code to download and run on their computer systems and applications. The latest monthly malware report issued by Kaspersky Lab has detected, two open connection Trojans - and Trojan-Downloader.Java.OpenConnection.bu and affected over 40,000 computer systems at their peak during a 24-hour period during the last month.Attackers can launch such drive-by attacks to gain remote access to computer systems, acquire user privileges, alter data, collect documents containing sensitive information and send them to remote servers.The stolen data may be used for identity theft and misrepresentation.

Therefore, Internet users must be wary of clicking suspicious links and banner ads. They must not enter personal details on any website, without checking their authenticity to ensure information security and confidentiality. Users can also prevent automatic execution of malicious scripts by disabling ActiveX scripts and ActiveX controls.

Organizations must conduct regular security audit of websites and web applications through ethical hacking, penetration testing and other real-time tests to identify the threat vectors and initiate corrective active prior to their exploitation by criminals.

EC-Council provides industry training and certification for information security professionals in ethical hacking among many other specializations. “Understanding how hackers exploit these vulnerabilities is a key requirement to hardening software and hardware. That is why EC-Council focuses on ethical hacking as an approach to information security evaluation” as stated by EC-Council’s Senior Director, Steven Graham. EC-Council through its Certified Ethical Hacker program has trained such information security professionals from all over the world.


The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates EC-Council University and the global series of Hacker Halted security conferences. The global organization is headquartered in Albuquerque, New Mexico.

Press Contact

Steve Graham
6330 Riverside Plaza Ln NW
Suite 210
Albuquerque, NM 87120

Keywords: Java, open connection Trojans, malware, information security, identity theft, remote access, vulnerabilities, drive-by attacks, security, malicious code,


0    submitted by iClass -
Read More Press Releases

PDP Pays Protestors against Buhari

What Causes an Underbite?

Ziqitza Healthcare Ltd aims to revitalise their on the go medical services

All Kids Braces Medical Card is now Available in Evanston through iDentity Orthodontics

'Home seekers looking to home loan interest rate cuts from RBI in Feb’: Niranjan Hiranandani

Hiranandani Group’s new foray into Dream Project of PMO Narendra Modi with commercial establishmens in GIFT City, Gandhinagar, and Gujarat

Isle of Man court stays order against Hiranandani

Thane the ideal ‘luxe living’ residential destination: Niranjan Hiranandani

Clipping Creations India Offer Multiple Service in Photo Editing

Practitioner seeks state funds to widen study of naprapathy to treat vets’ PTSD

Get press releases by email