Wednesday, 16 April 2014

How Hackers Spread Java Drive by Malware online

We are back with a new tutorial. Well making a malicious virus is one thing but how to spread it? Or how hackers hunt for victims? Well you will definitely be disappointed when you’ll know that this trick fails sometimes! Victims are now mostly aware of the old social engineering stuff.  But cheers up my friend there's no end, i will show you a very effective methods that Hackers  use to spread malicious viruses/worms.  But first of all we should know what is Java Drive by Malware?

What is Java drive by?
A Java Drive-By is a Java Applet that is coded in Java, when placed on a website. Once you click "Run" on the pop-up, it will download a program off the internet. This program can be used to spread a virus and malware effectively and has been spotted in the wild. We can execute .exe files in victims’ computer without their permission with the help of java drive by. You can see the image of error below this:

Java Drive by Malware
Jave Drive By
Okay so whats the scenario behind this? well this is a java script in the source which pop ups the error, So lets learn how to do the job. 

Tools Needed :
i) a .jar file which is the main player of this game. Download it from here

ii) A shelled web where you will upload files for JAVA DRIVE BY! Plus you should know basic HTML to make a attractive web page. iii) A java script which is the backbone of your game.
Now lets get started, Upload you .jar file on the shelled web, than create a fake webpage its up to you how you much you make fake webpage attractive, but you have to add the java code due to which the pop up error will appear.

Java Code :

    <APPLET CODE = "Client.class" ARCHIVE = "Client.jar" WIDTH = "0" HEIGHT = "0">

So add the above code in your face webpage, just make some changes replace VALUE = "" with your virus like the image below:

Malicious code of Java Drive by Attack

 So this is it! Simplest and most effective method used by attackers to spread your malicious software.

No comments:

Post a Comment