Recently, we have observed a new backdoor family which we've called BLYPT. This family is called BLYPT because of its use of binary large objects (blob) stored in the registry, as well as encryption. Currently, this backdoor is installed using Java exploits; either drive-by downloads or compromised web sites may be used to deliver these exploits to user systems. Our research shows that the servers behind these attacks are mainly centered in Romania and Turkey.

Currently, this threat is primarily hitting users in the United States; however, it seems that consumers (as opposed to businesses) are the most affected.

via BLYPT: A New Backdoor Family Installed via Java Exploit | Security Intelligence Blog | Trend Micro.



My original entry is here: BLYPT: A New Backdoor Family Installed via Java Exploit | Security Intelligence Blog | Trend Micro. It was posted Mon, 23 Sep 2013 16:20:45 +0000.
