Friday 3 June 2011

Rootkit Banker - now also to 64-bit


Yesterday Kaspersky Lab detected the first rootkit banker created to infect 64-bit systems. It was detected in a drive-by-download attack made by Brazilian cybercriminals.

We found a malicious Java applet inserted in a popular Brazilian website. The attack used the applet to infect users running old versions of the JRE (Java Runtime Environment) and was prepared to infect users running both 32-bit and 64-bit systems.

Inside this applet we found some interesting files:

The entire malicious scheme is simple yet interesting. The file add.reg disables UAC (User Account Control) and modifies the Windows Registry by adding fake CAs (Certification Authorities) on the infected machine:



Source : Google Reader
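
The article says add.reg disables UAC and adds fake CAs through the registry. The following is an added triage example, not code from the article or from Kaspersky: it scans the text of a .reg file for those two changes. The contents of add.reg are not shown on the page, so the key paths below are the standard Windows locations for the UAC policy value and the root certificate stores, and the sample input is constructed.

```python
import re

# Assumed standard Windows locations (lower-cased); not taken from the add.reg sample.
UAC_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"
ROOT_STORE = re.compile(
    r"^hkey_(?:local_machine|current_user)\\software\\(?:policies\\)?microsoft"
    r"\\systemcertificates\\(?:root|authroot)\\certificates\\(?P<thumb>[0-9a-f]{40})$")
DWORD = re.compile(r'^"([^"]+)"\s*=\s*dword:([0-9a-fA-F]{1,8})$')

def triage_reg(text):
    """Return findings for .reg text: UAC switched off, root CA entries added.
    Real .reg files are often UTF-16; decode before calling."""
    findings, key = [], None
    # Join continuation lines (trailing backslash) so each value is on one line.
    text = re.sub(r"\\\r?\n\s*", "", text)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            if key.startswith("-"):          # "[-HKEY...]" deletes a key
                key = None
                continue
            m = ROOT_STORE.match(key)
            if m:                            # key name is the certificate thumbprint
                findings.append(("root_ca_added", m.group("thumb")))
            continue
        m = DWORD.match(line)
        if (m and key == UAC_KEY and m.group(1).lower() == "enablelua"
                and int(m.group(2), 16) == 0):
            findings.append(("uac_disabled", "EnableLUA=0"))
    return findings

# Constructed sample for illustration; thumbprint and blob bytes are placeholders.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\00112233445566778899AABBCCDDEEFF00112233]
"Blob"=hex:00,01,02,\
  03,04
'''

if __name__ == "__main__":
    for kind, detail in triage_reg(SAMPLE):
        print(kind, detail)
```

Any thumbprint it reports still has to be compared against the root certificates the machine is expected to trust before it is treated as a fake CA.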
