{"id":3476,"date":"2012-03-19T16:37:29","date_gmt":"2012-03-19T21:37:29","guid":{"rendered":"http:\/\/bucktownbell.com\/?p=3476"},"modified":"2012-03-19T16:37:29","modified_gmt":"2012-03-19T21:37:29","slug":"a-unique-fileless-bot-attacks-news-site-visitors","status":"publish","type":"post","link":"http:\/\/bucktownbell.com\/?p=3476","title":{"rendered":"A unique \u2018fileless\u2019 bot attacks news site visitors"},"content":{"rendered":"<blockquote><p>Analysis of the exploit\u2019s JAR file demonstrated that it exploits a Java vulnerability (CVE-2011-3544). Cybercriminals have been exploiting this vulnerability since November in attacks targeting both MacOS and Windows users. Exploits for this vulnerability are currently among the most effective and are included in popular exploit packs.<\/p><\/blockquote>\n<p>via <a href=\"http:\/\/www.securelist.com\/en\/blog\/687\/A_unique_fileless_bot_attacks_news_site_visitors\">A unique \u2018fileless\u2019 bot attacks news site visitors &#8211; Securelist<\/a>.<\/p>\n<blockquote><p>After successfully injecting and launching the malicious code (dll), Java begins to send requests to third-party resources, which look like Google search requests: \u201csearch?hl=us&amp;source=hp&amp;q=%s&amp;aq=f&amp;aqi=&amp;aql=&amp;oq=\u201d\u2026<\/p>\n<p>These requests include data on the browsing history taken from the user\u2019s browser, as well as a range of additional technical information about the infected system.<\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>Analysis of the exploit\u2019s JAR file demonstrated that it exploits a Java vulnerability (CVE-2011-3544). Cybercriminals have been exploiting this vulnerability since November in attacks targeting both MacOS and Windows users. Exploits for this vulnerability are currently among the most effective &hellip; <a href=\"http:\/\/bucktownbell.com\/?p=3476\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[17],"tags":[345,347,101],"class_list":["post-3476","post","type-post","status-publish","format-standard","hentry","category-technical","tag-java","tag-malware","tag-security"],"_links":{"self":[{"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/posts\/3476","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3476"}],"version-history":[{"count":1,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/posts\/3476\/revisions"}],"predecessor-version":[{"id":3477,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/posts\/3476\/revisions\/3477"}],"wp:attachment":[{"href":"http:\/\/bucktownbell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3476"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3476"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3476"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}