Earlier today I received two mails with subjects related to the explosions at the Boston Marathon. The mails had nothing other than a link to an external page [IP_address/boston.html].
When I tried to visit the "85.198.81.**/boston.html" page, the page with the title "Hot News::Videos of Explosions at the Boston Marathon 2013" displayed some legitimate YouTube videos.
But, in the background, the page loads an iframe to a malicious page where the Java exploit is being hosted. Anyway, I am not able to download the .jar file because it is unavailable when I try to download it.
It seems like the same link is being used in the spam mail received by Kaspersky Lab. Kaspersky analyzed it and found that the malware tries to connect to several IP addresses in Ukraine, Argentina and Taiwan.