SpeedTest.net Pushing Java Exploit

First of all we love SpeedTest.net. Even with its Flash-based War Games effects, it’s still our goto site when investigating slow network connections. That’s why we were a little taken aback when we discovered an Invincea blog post noting that our beloved site being involved in exploiting visitors using one of the recent Java vulnerabilities. The main theme behind the Invincea post wasn’t necessarily their browser sandboxing product per se (although it does look helpful) but more on emphasizing “that the highest concentration of online security threats are in fact legitimate destinations visited by mass audiences.”

In the detailed post Eddie Mitchell analyzes the attack on SpeedTest.net. One of the key findings was that the popular site didn’t actually host any Java exploit code but simply redirected visitors to another site that did.

We recently stumbled across an exploit of speedtest.net in doing what normal users do – visiting a legitimate site that provides a legitimate service.  In this case after being exploited, www.speedtest.net was being used to redirect user traffic to sites hosting malicious code.  In order to verify, we employed a Windows XP SP3 test machine protected by Invincea Enterprise and installed with IE8 and Java 7 Update 10.  Java 7 Update 11 is currently the latest and was released by Oracle in response to the previous Java 0-day vulnerability (CVE-2013-0422).

Eddie continues on with some screenshots showing an analysis of the attack in action using their test machine protected by the Invincea browser protection add-on along with Wireshark and VirusTotal.com. In the end he concludes:

The exploit analysis shows that potentially a large number of users were exposed to a Java-based exploit temporarily hosted by speedtest.net. Indicators show the exploit implemented by injected Javascript and used the “g01pack” exploit kit likely compromised speedtest.net as part of a malvertising campaign. The exploit used a number of tactics and techniques to evade detection while exploiting the commonly vulnerable Java software plug-in. Speedtest.net is a popular site widely used to test network connection speeds. The exploit shows that legitimate sites pose risks to online users who browse without protection.

Here’s a video they produced showing the exploit in action.

As of early Monday SpeedTest.net had fixed the redirection vulnerability however if you visited the site starting late Friday through then, it might be time to clean some malware off your computer using our four easy steps. 😉

Source: “Popular Site Speedtest.net Compromised by Exploit…Drive-By STOPPED by Invincea” – Invincea.com

#####

Did you visit SpeedTest.net over the weekend? Notice anything odd? Let us know in the comments below. Today’s post pic is from SpliceVine.com. See ya!

19 comments for “SpeedTest.net Pushing Java Exploit

  1. February 5, 2013 at 8:02 am

    BLOGGED: http://t.co/ED1x8Iz1 Pushing Java Exploit http://t.co/TD7nIqHY

  2. February 5, 2013 at 8:47 am
  3. February 5, 2013 at 9:25 am

    http://t.co/Pf6nzdRn Pushing Java Exploit http://t.co/4CXGQtm1 @sggrc @leolaporte

  4. February 5, 2013 at 10:54 am
  5. February 5, 2013 at 11:54 am

    http://t.co/rRZEzBIB pushing Java Exploit!! [not hosting any but rather redirecting users to a website that did] | https://t.co/sz9I4kZU

  6. February 5, 2013 at 1:23 pm
  7. February 5, 2013 at 3:24 pm
  8. February 6, 2013 at 12:01 pm

    http://t.co/sbBwm3S1 compromised by Java exploit – find out more here. http://t.co/19r88fvP

  9. February 6, 2013 at 12:09 pm

    Si estuviste por http://t.co/ELUigBRM la semana pasada, te recomiendo que formatees tu pc https://t.co/7wKw7PGA

  10. February 6, 2013 at 6:01 pm

    http://t.co/ED1x8Iz1 compromised by Java exploit – see our post for more details. http://t.co/pxk27baf

  11. February 6, 2013 at 11:25 pm
  12. February 7, 2013 at 9:04 am

    http://t.co/yyFBWJAj Pushing Java Exploit https://t.co/ppjQ66EW via @grecs

  13. February 7, 2013 at 9:18 am
  14. February 7, 2013 at 10:32 am

    Rt @marcusjcarey: http://t.co/PBfHbbOn Pushing Java Exploit https://t.co/3WiJ593J via @grecs

  15. February 7, 2013 at 11:46 am
  16. February 7, 2013 at 5:31 pm

    Ooops 🙂 #speedtest java exploit https://t.co/TPC0PD7K

  17. February 8, 2013 at 8:36 am

    Am I the only one who missed the whole speed test dot net java thing? https://t.co/Zp1tU5U9

  18. February 9, 2013 at 9:37 am
  19. February 14, 2013 at 11:05 am

    @TaylorZeNiNjA https://t.co/6hZbD8SQ Hopefully with Java disabled!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.