Java.com and TMZ served malware due Java, Flash and Silverlight exploits

Dutch security researchers discovered that the Java website has been used to distribute malware for a couple of days. The researchers of the cybersecurity company Fox-IT found that the Java site wasn't hacked but that the malware was distributed via advertisements on the Java website. Also other websites serving the same advertisements were affected.

Java logo

ADVERTISEMENT

The malware was distributed for days by the advertising network AppNexus. The same network has been abused before to distribute malware. The malware distributors used exploits in Silverlight and Flash, but ironically also an exploit in Java.

Java.com doesn't show advertisements but the website likely uses a tool from AppNexus to track users that have clicked a banner. With the same method also other websites have been infected with malware.

Users that visited Java.com with outdated (unsafe) versions of Java, Silverlight or Flash had a high risk of being infected with the Asprox malware. This malware is used for click fraud on advertisements and to send out spam. Besides Java.com also TMZ, DeviantArt, Photobucket and the IBTimes were serving the malware.

ADVERTISEMENT

The websites served the malware from Tuesday till Friday last week but not to every visitor.  In some cases the cybercriminals succeed in serving the malware though the AppNexus advertisement network, but it some cases the malicious advertisements were blocked.

AppNexus states it has a team of researchers that is working to block malicious advertisements, however the company complains that when they block a malicious advertisement, it doesn't take long before a new one emerges.

No posts to display