Feeds

Chemical biz 'Nitro' hackers use Java to coat PCs in poison ivy

Chinese spying crew is back in business

Top 5 reasons to deploy VMware with Tegile

The crew behind last year's "Nitro" industrial espionage attacks are among hackers exploiting the two potent Java security vulnerabilities patched this week.

The team, which attempted to lift sensitive blueprints from companies by compromising workers' computers, is now using holes in Oracle's software to install Poison Ivy on victims' Windows machines, Symantec reports. A malicious Java applet bypasses security checks to execute the Poison Ivy malware that opens a backdoor on infected PCs to allow a remote malicious user to gain control of the system.

The latest wave of attacks rely on the same command servers and involve components with the same file names as last year's assault, which targeted chemical industry giants and defence contractors. A 20-something Chinese bloke dubbed Covert Grove was accused by Symantec [PDF] of being involved in that 2011 campaign as the attacks were traced back to his server. There's more on the Nitro attack in this analysis by Trend Micro.

Now that source code exploiting the new Java vulnerabilities is in the wild, it won't just be the Nitro team seizing upon it to execute arbitrary software on victims' machines. For example, code taking advantage of the holes has been added to the BlackHole exploit tool kit, which infects vulnerable computers when a punter visits a booby-trapped web page.

In addition, Sophos has intercepted spam emails purporting to be from the Dutch branch of the accountancy firm BDO Stoy Hayward that attempt to trick marks into running the Java attack code. The dodgy emails, which unusually include the exploit script in the body of messages, pose as communiques in Dutch about a rise in tax rates. ®

Intelligent flash storage arrays

More from The Register

next story
Knock Knock tool makes a joke of Mac AV
Yes, we know Macs 'don't get viruses', but when they do this code'll spot 'em
Shellshock over SMTP attacks mean you can now ignore your email
'But boss, the Internet Storm Centre says it's dangerous for me to reply to you'
Why weasel words might not work for Whisper
CEO suspends editor but privacy questions remain
Feds seek potential 'second Snowden' gov doc leaker – report
Hang on, Ed wasn't here when we compiled THIS document
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
China is ALREADY spying on Apple iCloud users, claims watchdog
Attack harvests users' info at iPhone 6 launch
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.
Website security in corporate America
Find out how you rank among other IT managers testing your website's vulnerabilities.