The Korean news site Minjok.com was recently hacked by persons unknown and infected with a malicious Java applet that appears to exploit an existing vulnerability in Oracle’s Java software. The hacker inserts a link to a false website that triggers a download of what appears to be a GIF file. This is the same type of attack that has occurred on the Reporters without Borders and NBC.com websites. This type of attack is called a “Watering Hole” attack as the hacker attempts to infect the computers of a specific group of people with a specific interest.
So a hacker wanting to infect the computers of millions of pro-Palestinians would set up a “watering hole” on pro-Palestinian news sites.In this case, the attacks were coming from a Russian server that had been rented out to a source in China. They seem to be targeting those interested in news events in China and Korea as the Minjok website is owned by a Korean man whose goal it is to unite the two Koreas into one.
Every visitor that clicks on that link unknowingly downloads a file called agentm.exe into their temp folder. This file creates a registry value to run the program when the computer is turned on. The source file is then uninstalled and cannot be found on the computer later by anti-virus or anti-malware software. It was the Kaspersky Lab researchers who discovered this group of computer experts who devote themselves to learning about viruses, malware and how to solve the problems they cause. They investigate potential viruses, malware, Trojan Horses and issues like this by setting up a “dummy” computer that will record all the attempts of the virus or malware and detail a list of all the forms the attack will take. This is a positive step towards online security.
You can follow any responses to this entry through the RSS 2.0 feed.
Leave your comment