SpeedTest.net Pushed Java Exploit

Discussion in 'other security issues & news' started by EncryptedBytes, Feb 5, 2013.

Thread Status:
Not open for further replies.
  1. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    SpeedTest.net, a free service that tests the performance of broadband connections, was compromised and made to serve malware, according to security vendor Invincea. Good write-up:

    http://www.invincea.com/2013/02/pop...mised-by-exploitdrive-by-stopped-by-invincea/

     
  2. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    I've used SpeedTest.net and so I was curious as to what would have happened had I connected to this site during the period in which it hosted the malicious code. From the article:

    As with most exploits, the legitimate site does not host the malware executables; rather, the site is compromised with code to redirect the user.

    OK, the exploit would fail at this point. Although SpeedTest.net doesn't require the Java Plug-in, even if it did and I had that site whitelisted for Java, upon redirection to a different site not whitelisted, the code exploiting Java would not run.

    I'll pretend the Plug-in was enabled to see what else might happen.

    I've tested in the past that the firewall can alert to any attempt by unauthorized programs (java.exe or javaw.exe) to connect out:

    [IMG]


    I've also tested in the past that if executables already installed are whitelisted, no others can install/run (or be loaded, in this case):

    [IMG]

    Very true indeed.


    ----
    rich
     
  3. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    I just did this test sometime last week with no problem; it must have been compromised very recently, but I don't have Java - ever.
     
  4. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    I did a test 2 days ago. But I don't have Java installed.
    Even if the site claims that it requires Java to be installed, the test went just fine. IDK if it used the Flash plugin instead to function properly. :doubt:
     
  5. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    The site requires both JavaScript and the Flash Plug-in to work. If one or both are disabled, an error message appears:

    speedtest.jpg

    Here is where whitelisting JavaScript, either within the browser or using NoScript, lets me down.

    Looking at the exploit analysis in the article, the exploit code injected into the site uses JavaScript.

    If I have JavaScript disabled, I need to enable it to use the site. When I do that, it also lets the exploit code run and redirects me to the site with the code that exploits the Java plug-in.

    What happens after that depends on several things, as I showed in my first post.


    ----
    rich
     
    Last edited: Feb 6, 2013
  6. niki

    niki Registered Member

    Joined:
    Jun 9, 2010
    Posts:
    363
    I visited SpeedTest.net just yesterday without any problems. I do have Adobe's Shockwave Flash and NoScript, the latter of which I disabled for the test.

    Luckily the site was fixed as per the above-mentioned article.
     
  7. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,856
    Last I checked it uses Java to try and test line quality, an entirely optional procedure.
     
  8. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    I used the website a couple days ago also, did not notice anything weird. :D
     
  9. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,718
    Seems like even if you push JavaScript and Flash white-listing aside, most folks would be 'saved' by not having the Java plug-in enabled within the browser...
     
  10. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Ah I see, that's why the actual speed test went fine, but it skipped to test the line quality, which is fine by me as long as I don't need to be bothered with Java.
     