
Mal/JavaGen-E

By Sumo3000 in Trojans

Mal/JavaGen-E is a malicious Java script that exploits existing issues with this platform to execute malicious code on the victim's computer. Mal/JavaGen-E has been involved in a widespread malware attack involving hacked GoDaddy websites. The payload of these attacks comes in the form of ransomware Trojans, which block access to victims' computer systems and display fake, threatening messages from the police in order to extort a ransom from the affected computer user. Because GoDaddy is the largest domain registrar and web hosting company in the world, these attacks have received quite a lot of attention from PC security analysts.

Mal/JavaGen-E Attacks Involve DNS Hacked Websites

DNS is the system that converts host names to IP addresses. It is necessary because IP addresses can be changed, managed and manipulated more easily than host names: while host names tend to be permanent, IP addresses change constantly as resources are reallocated. It is important to note that GoDaddy is not responsible for these attacks, which are most likely caused by website owners using poor passwords to protect their computer systems. Criminals have managed to change the DNS records of several websites by adding malicious IP addresses, so that various malicious sub-domains are loaded along with a legitimate URL. This can trick security software and unsuspecting computer users into allowing Mal/JavaGen-E onto their computers. When the hacked website loads, the victim's web browser connects to the malicious IP addresses, which usually use the Cool EK exploit kit (a Russian exploit kit very similar to the BlackHole exploit kit) to install malware on the victim's computer.
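A site owner can catch this kind of record tampering by comparing an export of the zone against a known-good baseline. The Python code below is an added example, not part of the original entry; the zone contents, baseline names and approved networks are constructed from documentation-reserved values, and `audit_zone` is a hypothetical helper name.

```python
import ipaddress

# Constructed sample data: documentation-reserved names and address ranges.
APPROVED_NETS = ["192.0.2.0/24"]  # networks the site owner actually hosts on
BASELINE = {"example.com.", "www.example.com.", "mail.example.com."}
ZONE_EXPORT = """\
example.com.        3600 IN A   192.0.2.10
www.example.com.    3600 IN A   192.0.2.10
mail.example.com.   3600 IN A   192.0.2.25
example.com.        3600 IN MX  10 mail.example.com.
x7f3.example.com.   300  IN A   203.0.113.66   ; added sub-domain
promo.example.com.  3600 IN A   192.0.2.40     ; new name, owner's network
www.example.com.    300  IN A   198.51.100.9   ; extra address on a known name
"""

def parse_address_records(zone_text):
    """Yield (name, ip) for every A/AAAA record in a flat zone export."""
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop comments, then tokenize
        if len(fields) == 5 and fields[2] == "IN" and fields[3] in ("A", "AAAA"):
            yield fields[0].lower(), ipaddress.ip_address(fields[4])

def audit_zone(zone_text, baseline, approved_nets):
    """Return (name, ip, reasons) for records that deviate from the baseline."""
    nets = [ipaddress.ip_network(n) for n in approved_nets]
    findings = []
    for name, ip in parse_address_records(zone_text):
        reasons = []
        if name not in baseline:
            reasons.append("name not in baseline")
        if not any(ip in net for net in nets):
            reasons.append("address outside approved networks")
        if reasons:
            findings.append((name, str(ip), reasons))
    return findings

if __name__ == "__main__":
    for name, ip, reasons in audit_zone(ZONE_EXPORT, BASELINE, APPROVED_NETS):
        print(f"{name:<22} {ip:<15} {', '.join(reasons)}")
```

Running the audit on a schedule, and alerting on any finding, surfaces both new sub-domains and extra addresses attached to existing names.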

Mal/JavaGen-E is Not the Only Malware Infection Involved in this Attack

The Mal/JavaGen-E attack involves various malicious components. It also involves a browser hijacker, a Trojan dropper, and the payload itself. The payload, in this case, belongs to a large family of ransomware Trojans designed to threaten inexperienced computer users. These kinds of Trojans block access to the victim's computer and display a full-screen message claiming that the victim is being accused by the police of illegal activities. The message then goes on to demand the payment of a ransom in order to unblock the infected computer. ESG security researchers strongly advise protecting your computer from Mal/JavaGen-E with the aid of a reliable anti-malware program that should be kept fully updated at all times.

URLs

Mal/JavaGen-E may call the following URLs:

searchumrz.com
