High-profile, legitimate site contains malware
Not only users visiting high-risk sites need avast! protection, but also, for example, visitors of the well-known site samsungimaging.net (the Samsung SMART CAMERA blog) were able to notice that their avast! protected them from a threat.
Yesterday, on this site AVAST began to detect malicious Java content.
The malicious file was called Gondvv.class, which is a well-known bad file detected by AVAST as Java:CVE-2012-0507 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0507) and Java:CVE-2012-4681 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4681) - a recently discovered zero-day exploit affecting newest version of JRE (1.7). You can find the description of exploit on Oracle's site http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html.
Inside samsungimaging.net html code we found the injected applet:
JavaX.jar contains two files, Gondzz.class and Gondvv.class, which are used for exploiting users' computers.
avast! keeps users safe even against new malware.
Highly effective Cerber ransomware is spread via phishing emails and demands more than $700 in ransom
Based on analysis of past Locky ransomware attacks, experts in the Avast Threat Labs predict that another attack is imminent.