Last Updated: 2013-04-23 06:01:50 UTC
by Russ McRee (Version: 1)
Full disclosure: I work at Microsoft.
This past Thursday (17 APR) Microsoft released volume 14 of its Security Intelligence Report (SIRv14) which includes new threat intelligence from over a billion systems worldwide.
It should come as no surprise that network worms are on the decrease and that web-based attacks are all the rage. Interesting report highlights include:
- The proportion of Conficker and Autorun threats reported by enterprise computers each decreased by 37% from 2011 to 2H12
- In the second half of 2012, 7 out of the top 10 threats affecting enterprises were associated with malicious or compromised websites (see example below)
- Enterprises were more likely to encounter the iFrame redirection technique than any other malware family tracked in 4Q12
- One specific iFrame redirection family called IframeRef, increased fivefold in the fourth quarter of 2012 to become the number one malicious technique encountered by enterprises worldwide
- IframeRef was detected nearly 3.3 million times in the fourth quarter of 2012
The report also takes a close look at the dangers of not using up-to-date antivirus software in an article titled “Measuring the Benefits of Real-time Security Software.” I read this with some skepticism imagining it might be heavily slanted to the use of Microsoft AV products, but read on, it's not. It refers to a ton of data generated via Microsoft telemetry but remains data-centric to point out that, on average, computers without AV protection were five and a half times more likely to be infected (What?! I'm shocked. This is my shocked face ). The study also found that 2.5 out of 10, or an estimated 270 million computers worldwide were not protected by up-to-date antivirus software. Now that actually is shocking. Really? What's the matter with people? For more information on that analysis, see details on TechNet.
Steps to exploit this vulnerability include:
- Assign a toString() method to this that will disable the security manager and then run your payload
- Overwrite the error object's message property by this
- Return the error object
- Create a new script engine and bind the applet to a JS variable (in case your payload needs it)
- Evaluate the script mentioned above
- Add the resulting object to a JList
- Display the JList to the user and wait for the UI thread to render it
- toString() (1)
- java/lang/Object error (2)
- javax/script/ScriptEngine (5)
- eval (6)
- javax/swing/JList (7)