Jan Širmer

4 September 2012

High-profile, legitimate site contains malware

avast! protection is not only for users who visit high-risk sites. Visitors to the well-known site samsungimaging.net (the Samsung SMART CAMERA blog), for example, could see that avast! protected them from a threat.

Yesterday AVAST began to detect malicious Java content on this site.

The malicious file was called Gondvv.class, a well-known bad file that AVAST detects as Java:CVE-2012-0507 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0507) and Java:CVE-2012-4681 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4681), a recently discovered zero-day exploit affecting the newest version of JRE (1.7). You can find a description of the exploit on Oracle's site: http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html.

Inside the HTML code of samsungimaging.net we found the injected applet:

JavaX.jar contains two files, Gondzz.class and Gondvv.class, which are used for exploiting users' computers.
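A site owner can check for the pattern described above: an applet tag in the page and a JAR holding the reported class files. The Python below is an added example, not AVAST's detection logic; the function names, the sample HTML and the stand-in archive are constructed for illustration, and a file-name match is only a triage hint because names are easily changed.

```python
import io
import zipfile
from html.parser import HTMLParser

# File names the article reports inside JavaX.jar.
REPORTED_CLASSES = {"Gondzz.class", "Gondvv.class"}


class AppletFinder(HTMLParser):
    """Collect the attributes of every <applet> tag in a page."""
    def __init__(self):
        super().__init__()
        self.applets = []

    def handle_starttag(self, tag, attrs):
        if tag == "applet":  # HTMLParser lower-cases tag and attribute names
            self.applets.append({k: (v or "") for k, v in attrs})


def find_applets(html):
    finder = AppletFinder()
    finder.feed(html)
    return finder.applets


def reported_entries(jar_bytes):
    """Return JAR entries whose file name matches a reported class name."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        names = jar.namelist()
    return sorted(n for n in names if n.rsplit("/", 1)[-1] in REPORTED_CLASSES)


def build_sample_jar():
    """Constructed stand-in archive: placeholder bytes, no real class files."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for name in ("Gondzz.class", "Gondvv.class", "META-INF/MANIFEST.MF"):
            jar.writestr(name, b"constructed placeholder")
    return buf.getvalue()


# Constructed page fragment; the tag actually injected into the site is not
# reproduced in the article, so these attribute values are assumptions.
SAMPLE_HTML = '<p>Blog post</p><APPLET archive="JavaX.jar" code="Example.class"></APPLET>'

if __name__ == "__main__":
    print("applet tags:", find_applets(SAMPLE_HTML))
    print("matching entries:", reported_entries(build_sample_jar()))
```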

avast! keeps users safe even against new malware.
