Crooks Inject Malicious Java Applet Into FOREX Trading Website

November 30, 2012 By Ali Loney

1 minute read time

The Register – (International) Crooks inject malicious Java applet into FOREX trading website. FOREX trading Web site Trading Forex was contaminated with a malicious Java applet that is designed to install malware on the systems of visiting surfers, The Register reported November 30. The Web site remained contaminated as of mid-day November 29 according to Websense, the Web security firm that detected the attack. The backdoor planted on Trading Forex is written inVisual Basic.Net and requires the Microsoft’s .NET framework to be successfully installed and running on a victim’s computer. “It’s important to note that there was no exploit involved in this attack but rather a social engineering trick that requires the victim’s involvement - if successful it will allow a backdoor Trojan to run on the victim’s machine,” a senior security researcher at Websense stated. A senior security research manager added: “This injection could deposit malware to the users of this site, possibly opening them up to data stealing. We’re also seeing typosquatting being used here, perhaps ready for a future attack.”

Source: http://www.theregister.co.uk/2012/11/30/forex_trading_website_hack/

Tags: security, AppSec Spotlight

Written by Ali Loney

Ali Loney is a Senior UX Designer at Walmart Labs. She is based in Canada and was the former Graphic Designer at Sonatype.