A popular foreign exchange market website has been compromised by a malicious java applet designed to target the machines of visitors by installing malware.
The vulnerability was detected at around midday yesterday and currently still remains compromised.
The attack is written in Visual Basic.Net and requires the users to be running Microsoft .NET framework. These types of backdoor attacks are often distributed through pre-existing exploit kits and are an unusual angle of attack. In this instance no exploit was involved, this could be due to the reliance on the victims involvement.
The victims involvement is essential for the malware to enter the system. It then continues to run a backdoor Trojan. The injection then deposits malware on the users site, resulting in vulnerability to data theft.
The reasons behind this attack are still unknown but one reason could be as a base for a future, more threatening attack.