Fallen Beauty: Attackers Feast on Prejean Scandal

By Matthew Hines  |  Posted 2009-11-20 Print this article Print

As soon as you see the words "beauty queen" and "sex tape" being used in the same sentence it's pretty easy to predict that we'll seen soon see a spate of related cyber-attacks.

And with the sex tape scandal of former Miss California unfolding, the expected range of threats aimed at taking advantage of the news item have already begun to flood in.

In one of the latest campaigns, as tracked by researchers at McAfee, attackers are trying to tap into growing interest in the lascivious footage by distributing a malicious Java applet attack tied to the beauty queen's downfall.

As with so many video-based attack techniques that we've seen, the campaign tries to lure end users to a site that promises to offer the desired clip, and asks them to download additional content to do so, in this case the aforementioned Java applet.

McAfee Avert Labs researcher Rahul Mohandas reports that the involved applet contains a signature that activates browsers to verify themselves through a remote, independent certificate-authority server.

Once the signature is verified and the user also approves it, the signed applet can gain more rights, "becoming equivalent to an ordinary application," the researcher noted in a blog post. "When the app is injected into a trusted Web site, users would hardly take the trouble to validate if the certificate is legitimate," he said.

Then when the applet runs in the browser it fo course downloads a malicious executable on any affected machines.

Mahondas contends that despite its simplicity, the technique should prove effective in catching some flies, as so many legitimate online apps use Java and people are used to interacting with applet downloads.

And, "unlike spammed links that contain a cocktail of exploits or a zero-day attack, this approach exploits the applet's design," the expert notes.

The fact that the attack isn't tied to a single browser is another important factor to consider, and it works automatically on any machine with the latest version of Java, broadening its impact.

Clearly when time honored combinations like sex tape news and poisoned multimedia applets come together it's hard to imagine why attackers wouldn't want to try to get onboard.

Because if it ain't broke, why fix it.

Follow eWeek Security Watch on Twitter at: eWeekSecWatch.

Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.

del.icio.us | digg.com

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel