Fake EFF Domain Spreads Malware In Spear Phishing Campaign
Thanks to Google's security team, the EFF discovered that someone was targeting people with a spear phishing attack using a fake "electronicfrontierfoundation.org" domain. The domain was registered on August 4, likely under a false name, and the attack started the same day, according to the EFF.
The attack was not carried using this single electronicfrontierfoundation.org, but was part of a larger espionage campaign called "Pawn Storm," which was uncovered a year ago by Trend Micro, a security and antivirus company. According to Trend Micro, the group behind Pawn Storm was likely tied to the Russian government and has been active since at least 2007.
The attack used a recently discovered Java vulnerability, the first known zero-day in the past two years. The target would receive a spear phishing email containing a link in the form of "http://electronicfrontierfoundation.org/url/{6_random_digits}/Go.class," which contains a Java applet that exploits a vulnerable version of the Java Virtual Machine. After the URL would be clicked, it would no longer send any malware payloads in order to make life difficult for malware analysts.
After the first Go.class payload is dropped on the user's machine, the attacker gains full control and can send a second App.class payload, which exploits the same Java vulnerability earlier reported by Trend Micro.
This second payload is able to then download a second stage binary, called comac.mcr, and it can detect whether the user's machine is Windows, Linux or Mac OS X to send the appropriate file for infecting that operating system.
The EFF believes that because the attack used the same Java vulnerabilities, path names and payloads, there's a high chance it's the same group responsible for the other Pawn Storm attacks.
In 2014, FireEye, another security firm, released a paper about the "APT-28" campaign that used similar malware and was tied to the Russian government. The past attacks included targets such as Russian dissidents and journalists, U.S. Defense Contractors, NATO forces, and White House staff. Therefore, the EFF concluded that these attacks using the fake EFF domain must have been carried out by the Russian government as well.
Stay On the Cutting Edge: Get the Tom's Hardware Newsletter
Get Tom's Hardware's best news and in-depth reviews, straight to your inbox.
The EFF has already reported the domain name for abuse (although it's still active for now), and Oracle has patched the zero-day vulnerability in its VM. EFF suggested that anyone who wants to better protect themselves against phishing attacks or other espionage attempts should read its Surveillance Self-Defense guide.
Follow us @tomshardware, on Facebook and on Google+.
-
OpalSerPenT yeah I agree, more likely nsa. Blaming russia for everything is what the present nwo zionist oligarchy areReply
doing with their zionist globalist media puppets. They want ww3 bad before wall st collapses and the rich
lose a lot of money. -
Gaidax yeah I agree, more likely nsa. Blaming russia for everything is what the present nwo zionist oligarchy are
doing with their zionist globalist media puppets. They want ww3 bad before wall st collapses and the rich
lose a lot of money.
I truly wonder if you actually believe this shit. -
Kennyy Evony 16541936 said:yeah I agree, more likely nsa. Blaming russia for everything is what the present nwo zionist oligarchy are
doing with their zionist globalist media puppets. They want ww3 bad before wall st collapses and the rich
lose a lot of money.
I truly wonder if you actually believe this shit.
Truth is often hard to swallow. -
Marty01 yeah I agree, more likely nsa. Blaming russia for everything is what the present nwo zionist oligarchy are
doing with their zionist globalist media puppets. They want ww3 bad before wall st collapses and the rich
lose a lot of money.
I truly wonder if you actually believe this shit.
Why not? Because media controlled entirely by zionists don't talk about it?
-
Christiaan Lourens Love the game, even though I only played it for a short while thus far ( by that I mean I have not explored all there is to it since it is quite a vast game with so many things to do). One thing I will note however is similar to DayZ the community is sometimes pretty bad on certain servers, so just hop around till you find one you like. Then just have your friends join you there.Reply