Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Latest News
    • Blogs
    • Security Watch

    Fallen Beauty: Attackers Feast on Prejean Scandal

    By
    Matthew Hines
    -
    November 20, 2009
    Share
    Facebook
    Twitter
    Linkedin

      As soon as you see the words “beauty queen” and “sex tape” being used in the same sentence it’s pretty easy to predict that we’ll seen soon see a spate of related cyber-attacks.

      And with the sex tape scandal of former Miss California unfolding, the expected range of threats aimed at taking advantage of the news item have already begun to flood in.

      In one of the latest campaigns, as tracked by researchers at McAfee, attackers are trying to tap into growing interest in the lascivious footage by distributing a malicious Java applet attack tied to the beauty queen’s downfall.

      As with so many video-based attack techniques that we’ve seen, the campaign tries to lure end users to a site that promises to offer the desired clip, and asks them to download additional content to do so, in this case the aforementioned Java applet.

      McAfee Avert Labs researcher Rahul Mohandas reports that the involved applet contains a signature that activates browsers to verify themselves through a remote, independent certificate-authority server.

      Once the signature is verified and the user also approves it, the signed applet can gain more rights, “becoming equivalent to an ordinary application,” the researcher noted in a blog post. “When the app is injected into a trusted Web site, users would hardly take the trouble to validate if the certificate is legitimate,” he said.

      Then when the applet runs in the browser it fo course downloads a malicious executable on any affected machines.

      Mahondas contends that despite its simplicity, the technique should prove effective in catching some flies, as so many legitimate online apps use Java and people are used to interacting with applet downloads.

      And, “unlike spammed links that contain a cocktail of exploits or a zero-day attack, this approach exploits the applet’s design,” the expert notes.

      The fact that the attack isn’t tied to a single browser is another important factor to consider, and it works automatically on any machine with the latest version of Java, broadening its impact.

      Clearly when time honored combinations like sex tape news and poisoned multimedia applets come together it’s hard to imagine why attackers wouldn’t want to try to get onboard.

      Because if it ain’t broke, why fix it.

      Follow eWeek Security Watch on Twitter at: eWeekSecWatch.

      Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to [email protected].

      Avatar
      Matthew Hines

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Information

      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×