Popads loading up java exploits with “.jnlp” file

Popads seems to be using a .jnlp file to make it’s actions seem more legitimate to the end user.

Paste of .jnlp file

What’s a JNLP file?

When loaded, this gives a nice little animated popover…while the malicious stuff is happening in the background. This is used to bypass the security warning that was introduced in JRE7u11.

There may be a misconfig on this as it created a very large number of instances of java. šŸ™‚

Popads post updated with this “jnlp” info.

Ref: http://security-obscurity.blogspot.no/2013/04/the-latest-java-exploit-with-security.html

Comments are closed.