Computer Security Research - McAfee Labs Blog

Drive-by-Download Du Jour

Thursday April 9, 2009 at 9:46 am CST
Posted by Karthik Raman

LuckySploit is an exploit framework that’s been in the news recently. As drive-by-downloads go, it lurks behind iframes and foists malware upon unsuspecting users.

One LuckySploit attack we analyzed downloaded the FakeAlert-BY Trojan. So if you visited a Web site today then saw this…

FakeAlert-BY

… then you are, unfortunately, infected with FakeAlert-BY, and possibly thanks to LuckySploit.

We detect the LuckySploit downloader as JS/Downloader-BNL in the 5580 DATs, to be released on April 10. We’ve had detection for FakeAlert-BY since the 5545 DATs, released on March 6.

Please update your AV signatures and stay secure!

This entry was posted on Thursday, April 9th, 2009 at 09:46 and is filed under Exploit Research, Malware Research, Web and Internet Safety. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

4 Responses to “Drive-by-Download Du Jour”

kevin mitnick Says:
April 14th, 2009 at 05:23
hi fans,
nasty little malware …
sincerely KM
Computer Security Research - McAfee Avert Labs Blog Says:
July 2nd, 2009 at 09:32
[...] products, a.k.a. scareware, became rampant.� These Trojan families are typically spread via Drive by downloads, SEO poisoning, Spam campaigns and clever social engineering. Having these methods discussed in [...]
Computer Security Research - McAfee Labs Blog Says:
November 9th, 2009 at 20:20
[...] video shows that the malware is literally pushed onto the system regardless of what the user does. In the past we have seen malware injected into a compromised site through exploits and iframes. Today, malware [...]
Fake Alerts Uncovered – Security Threat Research News Says:
December 12th, 2009 at 04:02
[...] [...]

Drive-by-Download Du Jour

4 Responses to “Drive-by-Download Du Jour”

Leave a Reply

Archives

Categories