Zscaler Blog

Get the latest Zscaler blog updates in your inbox

Subscribe
Security Research

300% Increase In Malicious JARs

image
THREATLABZ
May 14, 2010 - 2 min read

ImageWhile doing some stats & trends on our data, I noticed that there has been a steady rise in the number of malicious Java Archive (JAR) files that we are blocking (pulling data from both within our logs and denylists). While malicious JAR files remain a relatively small threat volume for our users (<100 incidents a month), roughly speaking there has been about a 300% increase in malicious JAR files per month observed from January 2010 to present. While our data is a small subset of the Internet as a whole, from the increases that I am seeing in our logs and the increased chatter on malicious JARs within security mailing lists, I believe it is safe to say that there has been an overall increase in malicious JARs on the Internet. There are a number of reasons supporting this increase, including:

 

  • Inclusion of JAVA exploits (for example, CVE-2008-5353 and CVE-2009-3867) within popular exploit kits (for example, Pheonix2, Eleonore, and Liberty)
  • Usage of JARs to obfuscate and redirect to malicious payloads (I used the DJ decompiler to analyze one of these the other day)
  • Tavis Ormandy's April 2010 discovery of the Java Web Start Argument Injection Vulnerability (Full Disclosure posting)
  • Adoption of the Java Signed Applet exploit (Metasploit rev. 8267, Java Applet Infection post)

Trojan executables, malicious PDFs, and browser exploits are much more prevalent than exploits against Java/JRE - but it will be interesting to continue to monitor this trend.

 

Explore more Zscaler blogs

A cyber criminal shopping for malware
Agniane Stealer: Dark Web’s Crypto Threat
Read Post
Business people walking through a city
The Impact of the SEC’s New Cybersecurity Policies
Read Post
Digital cloud illuminated in blue
Security Advisory: Remote Code Execution Vulnerability (CVE-2023-3519)
Read Post
TOITOIN Trojan
The TOITOIN Trojan: Analyzing a New Multi-Stage Attack Targeting LATAM Region
Read Post
01 / 02
dots pattern

Get the latest Zscaler blog updates in your inbox

By submitting the form, you are agreeing to our privacy policy.