Jan Širmer

4 September 2012

High-profile, legitimate site contains malware


avast! protection is not only for users who visit high-risk sites. For example, visitors to the well-known site samsungimaging.net (the Samsung SMART CAMERA blog) could see that their avast! protected them from a threat.

Yesterday, AVAST began detecting malicious Java content on this site.

The malicious file was called Gondvv.class, a well-known bad file that AVAST detects as Java:CVE-2012-0507 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0507) and Java:CVE-2012-4681 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4681), a recently discovered zero-day exploit affecting the newest version of the JRE (1.7). You can find a description of the exploit on Oracle's site: http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html.

Inside the samsungimaging.net HTML code we found the injected applet:

JavaX.jar contains two files, Gondzz.class and Gondvv.class, which are used for exploiting users' computers.
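A site owner can triage a page for this kind of injection by listing the applets it loads and checking each referenced JAR for the class names reported above. The following is an added example, not code from AVAST or from the original post; the sample HTML and the stand-in JAR are constructed for illustration, and the function names are hypothetical.

```python
import io
import zipfile
from html.parser import HTMLParser

# Class names the post reports inside JavaX.jar
KNOWN_BAD_CLASSES = {"Gondzz.class", "Gondvv.class"}

class AppletFinder(HTMLParser):
    """Collect every <applet> tag with the archive and code it loads."""
    def __init__(self):
        super().__init__()
        self.applets = []

    def handle_starttag(self, tag, attrs):
        if tag == "applet":  # HTMLParser lowercases tag and attribute names
            a = dict(attrs)
            self.applets.append({"archive": a.get("archive"), "code": a.get("code")})

def find_applets(html):
    parser = AppletFinder()
    parser.feed(html)
    parser.close()
    return parser.applets

def flag_jar(jar_bytes):
    """Return the known-bad class names found in a JAR (a ZIP archive)."""
    try:
        with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
            names = {n.rsplit("/", 1)[-1] for n in jar.namelist()}
    except zipfile.BadZipFile:
        return []  # not a readable archive; nothing to report
    return sorted(names & KNOWN_BAD_CLASSES)

def build_sample_jar():
    """Constructed stand-in: empty entries carrying only the reported names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for name in ("Gondzz.class", "Gondvv.class", "META-INF/MANIFEST.MF"):
            jar.writestr(name, b"")
    return buf.getvalue()

# Constructed sample page; the markup actually found on the site is not reproduced here.
SAMPLE_HTML = ('<html><body><p>Blog post</p>'
               '<applet archive="JavaX.jar" code="Gondvv.class" width="1" height="1">'
               '</applet></body></html>')

if __name__ == "__main__":
    for applet in find_applets(SAMPLE_HTML):
        print(applet, "->", flag_jar(build_sample_jar()))
```

File names inside a JAR are trivial to change, so a match is an indicator for this incident rather than a general signature; any unexpected applet on a page deserves a look regardless of what the JAR contains.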

avast! keeps users safe even against new malware.
