The method scans for multiple un-patched Microsoft vulnerabilities in an aim to install a back-door Trojan, according to Joel Camissar managing director A/NZ at Websense.
“Rather than looking for one exploit – which is the norm - it looks for several and hones in on one to then install a Trojan horse,” said Camissar.
“When the Web site is visited, a malicious JavaScript file (e.js) is executed. Site visitors infected with this malicious code will have a Trojan downloaded and backdoor installed on their desktops,” according to a Websense advisory.
First discovered on 17th August, the technique was used to attack a prominent Indian bank and a US biotechnology company, said Camissar.
“And this campaign is hosted by the same group,” he added.
.jpg&h=140&w=231&c=1&s=0)
_(39).jpg&w=100&c=1&s=0)
iTnews Executive Retreat - Data & AI Edition
.png&w=120&c=1&s=0)
iTnews Cloud Covered Breakfast Summit
iTnews State of Security Breakfast
The 2026 iAwards
.jpg&w=120&c=1&s=0)
Integrate 2026
_(1).jpg&h=140&w=231&c=1&s=0)
