An exploit is when an attacker exploits a software that you are using, or have to use, in order to gain access to your systems. There has been a rapid increase in Adwind Java-based malware as it becomes more and more difficult for users and security teams to spot attacks.
Adwind Java-based infections typically arrive as an email attachment or an infected Word document. If the user has Java Runtime Environment installed, and they open an infected file, the malware silently installs itself and connects to a remote server to receive commands from the remote attacker.
Spam campaigns containing Adwind, evolved from the Frutas RAT, are short lived, and frequently change email subjects and contain carefully crafted attachments. Basically, the attackers create a .jar file with backdoor functions that operate on a compromised system. They disguise it as an email with an innocently named .jar file, making it hard for users to know that it is actually an attacker.
McAfee reports that the number of reports of Adwind .jar based infections has grown to 7,295 in Q4 of 2015 from 1,388 in Q1 of 2015. That’s a 426% increase, and the numbers are only going to continue to grow.
In order to prevent a Java exploit, the best thing you can do is make sure you have the latest security technology including anti malware software that scans all your email attachments. Use caution when opening attachments and avoid opening unsolicited emails or unexpected attachments, even from people you know. Further, make sure your email client doesn’t automatically open attachments or render graphics.
Many small businesses don’t realize how at risk they are to attacks. Ensuring preventative measures and being proactive about your organization’s security will help keep you and your organization safe.