Tuesday, January 05, 2010 1:40 PM
cmosby
Report of Java Object Serialization exploit in use in web drive-by attacks – SANS Internet Storm Center
Published: 2010-01-05
Last Updated: 2010-01-05 17:54:55 UTC
by Toby Kohlenberg (Version: 1)
We've had a report (thanks Tom!) of a Java applet exploiting CVE-2008-5353 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5353) as part of a web drive-by attack. While a PoC has been around for a long time for this, this is the first time I've heard of it being used in the wild for a general attack. If anyone else has seen this, we'd be interested to hear about it.
The applet is already being detected by some A/V packages according to VirusTotal: https://www.virustotal.com/analisis/d4f5bcc9acecb2f53a78313fc073563de9fc4f7045dd8123a23a08f926a3974d-1262270360
As we get more details on what it does, we'll update this entry with them.