
The Institute for National Security Studies (Israel) website serves Poison Ivy RAT

The official website of the Institute for National Security Studies (INSS) in Israel was injected with malicious code, warn Websense security researchers.

Interestingly, the injected code tries to exploit the same Java vulnerability (CVE-2012-0507) that was used to infect around 600,000 Mac users in a massive scatter attack dubbed Flashback a few weeks ago.

When a user visits the website, the injected malicious JavaScript code loads a Java exploit. The injected code consists of a "document.write" function call that uses decimal-encoded string characters to hide the exploit URL. Once decoded, it redirects the user to the exploit page.
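A static decoder for this kind of obfuscation, as an added example that is not from the original post or from Websense: it decodes decimal-encoded strings in script blocks that call document.write, without executing anything, and reports any hidden tag that loads remote content. The encodings handled (String.fromCharCode lists and &#NNN; entities), the 8-character threshold and the example.invalid sample page are assumptions, since the post does not reproduce the actual injected code.

```javascript
// Decimal character lists, e.g. String.fromCharCode(60,105,102)
const CHARCODE_RE = /String\.fromCharCode\(\s*(\d+(?:\s*,\s*\d+)*)\s*\)/g;
// HTML numeric entities, e.g. &#60;&#105;&#102;
const ENTITY_RE = /&#(\d{1,7});?/g;
// Tags that pull in remote content once written into the page
const LOADER_RE = /<(iframe|script|applet|object|embed)\b[^>]*?\b(?:src|archive|data|code)\s*=\s*["']?([^"'\s>]+)/gi;

// Decode both encodings by pattern matching only; no script is evaluated.
function decodeDecimal(text) {
  let count = 0;
  const decoded = text
    .replace(CHARCODE_RE, (_, list) => {
      const codes = list.split(',').map(Number);
      count += codes.length;
      return String.fromCharCode(...codes);
    })
    .replace(ENTITY_RE, (m, n) => {
      if (Number(n) > 0x10ffff) return m; // not a valid code point, leave as is
      count += 1;
      return String.fromCodePoint(Number(n));
    });
  return { decoded, count };
}

// Report script blocks where document.write() output hides a loader tag.
function findHiddenWrites(html) {
  const findings = [];
  for (const [, body] of html.matchAll(/<script\b[^>]*>([\s\S]*?)<\/script>/gi)) {
    if (!/document\.write(?:ln)?\s*\(/.test(body)) continue;
    const { decoded, count } = decodeDecimal(body);
    if (count < 8) continue; // assumed threshold: stray entities are normal, long runs are not
    for (const [, tag, url] of decoded.matchAll(LOADER_RE)) {
      // Only report URLs that were invisible before decoding
      if (!body.includes(url)) findings.push({ tag: tag.toLowerCase(), url, count });
    }
  }
  return findings;
}

// Constructed sample: one benign write, one encoded write (placeholder domain).
const hidden = '<iframe src="http://example.invalid/x/" width=1 height=1></iframe>';
const SAMPLE_PAGE = [
  '<script>document.write("<p>Updated 2012</p>");</script>',
  '<script>document.write(String.fromCharCode(' +
    [...hidden].map((c) => c.charCodeAt(0)).join(',') + '));</script>',
].join('\n');

console.log(findHiddenWrites(SAMPLE_PAGE));
```

Run it over saved page source from a crawler or proxy log; a finding means a script writes a remote-loading tag whose URL does not appear in the page's plain text.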

The exploit page hosts a 'test.jar' file that exploits the well-known Java vulnerability CVE-2012-0507.

After analyzing the contents of the JAR file, researchers found that it was generated by the Metasploit toolkit and targets the vulnerability CVE-2012-0507. A variant of the Poison Ivy RAT is automatically installed on the victim's computer after successful Java exploitation.