The first two weeks of December has seen the HDD Plus malware spread throughout the Internet using the world’s largest ad serving platforms, namely DoubleClick and MSN, by using drive-by download malvertising.
HDD Plus is ransomware in that when it gets installed on a victim’s computer it holds the computer hostage by displaying threatening messages, that the system is failing, and asks the victim to purchase a license to fix the problems.
The attack uses a modified version of the Eleonore exploit pack and uses vulnerabilities in Microsoft Internet Explorer 6 & 7, the Java runtime environment (before update 19, the current version is update 23) and several weaknesses in Adobe Acrobat (including the Reader). By using exploits in Java and Acrobat, PCs using alternative browsers like Firefox or Chrome are also vulnerable.
This latest attack underlines again the need to keep your computer up to date (including not only the browser but also other applications like Java and Acrobat Reader).