Information Security Professionals Warn Against Rising Drive-by Attacks based on Java Functionality 

-

by iClass - Wednesday, January 12, 2011
Attackers are finding new ways to by-pass security mechanisms. Recently, information security professionals have identified the trend of using java functionality to launch drive-by-attacks. In case of drive-by attacks, offenders tempt Internet users to click on a pop-up or fake error messages with malicious content. Alternatively they may append malicious script tag at the end of a legitimate URL. All new visits to the site will result in automatic download of malicious content.

Usually, attackers exploit the vulnerabilities in operating systems and web applications to inject malicious code or install malware. Experts have witnessed rise in a new breed of Trojan applications, which rely on the java functionality to inject more malicious code in computer systems. In this case, attackers use the open connection method of a URL Class to connect a Trojan Application to the Internet.

When users click on a program infected with the Trojan, they inadvertently allow a malicious code to download and run on their computer systems and applications. The latest monthly malware report issued by Kaspersky Lab has detected, two open connection Trojans - Trojan-Downloader.Java.OpenConnection.cf and Trojan-Downloader.Java.OpenConnection.bu and affected over 40,000 computer systems at their peak during a 24-hour period during the last month.Attackers can launch such drive-by attacks to gain remote access to computer systems, acquire user privileges, alter data, collect documents containing sensitive information and send them to remote servers.The stolen data may be used for identity theft and misrepresentation.

Therefore, Internet users must be wary of clicking suspicious links and banner ads. They must not enter personal details on any website, without checking their authenticity to ensure information security and confidentiality. Users can also prevent automatic execution of malicious scripts by disabling ActiveX scripts and ActiveX controls.

Organizations must conduct regular security audit of websites and web applications through ethical hacking, penetration testing and other real-time tests to identify the threat vectors and initiate corrective active prior to their exploitation by criminals.

EC-Council provides industry training and certification for information security professionals in ethical hacking among many other specializations. “Understanding how hackers exploit these vulnerabilities is a key requirement to hardening software and hardware. That is why EC-Council focuses on ethical hacking as an approach to information security evaluation” as stated by EC-Council’s Senior Director, Steven Graham. EC-Council through its Certified Ethical Hacker program has trained such information security professionals from all over the world.

ABOUT EC-COUNCIL

The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates EC-Council University and the global series of Hacker Halted security conferences. The global organization is headquartered in Albuquerque, New Mexico.

Press Contact

Steve Graham
6330 Riverside Plaza Ln NW
Suite 210
Albuquerque, NM 87120
Steve.graham@eccouncil.org
505.341.3228


Keywords: Java, open connection Trojans, malware, information security, identity theft, remote access, vulnerabilities, drive-by attacks, security, malicious code,

-

0    submitted by iClass -
Read More Press Releases

Fontan Operation Website Comes of Age

‘The Unsafe Future of Safe Drinking Water’—High Alarming Threats Concerning The Complex Water Toxicities Of Under-ground Water Reserves—UN-Water Decade Observance 2014.

Dangote, Zenith Bank, Quits Aviation to Invest in Kenya

High Risk Alarm for Under-ground Water Toxicification in ASIA & AFRICA Regions On The UN’s World Water Day Observance.

Learn Quran, Tajweed and Arabic with NATIVE FEMALE Qualified and experienced Teacher

Removed

Restaurant Laperouse partners with Designer TIFFANY BROWN for 2015 Winter Collection

HINT Water and Pretzel Crisps® Partners with Designer TIFFANY BROWN for 2015 Winter Collection Fashion Show

Pay Rs 170 crore for an uber-posh address

Pressure on farmland

Get press releases by email