In the last few days experts at Kaspersky Lab have detected new samples of the malicious program MAX++ (aka ZeroAccess). This Trojan first achieved notoriety for using advanced rootkit technology to hide its presence in a system. Back then, MAX++ only worked on x86 platforms; now it is capable of functioning on x64 systems!
Computers are infected using a drive-by attack on a browser and its components via the Bleeding Life exploit kit. In particular, Acrobat Reader (CVE 2010-0188, CVE 2010-1297, CVE 2010-2884, CVE 2008-2992) and Java (CVE 2010-0842, CVE 2010-3552) modules are prone to attack.
Fragment of the exploit kit code responsible for attacking a specific version of Acrobat Reader
Hiç yorum yok:
Yorum Gönder