News of the attack first surfaced on a Web forum and was later investigated by Christopher Boyd of Vitalsecurity.org, a UK-based security news site. When users visit an infected site, they are asked to install a Java applet distributed by "Integrated Search Technologies".
If the user agrees, a .jar file is downloaded, which proceeds to download and install a number of adware applications, according to Boyd. Internet Explorer then automatically opens, displaying advertisements and embedded advertising tools. The attack works regardless of IE's security settings, Boyd said. The installed adware includes DyFuCA, Internet Optimizer, ISTsvc, Kapabout, sais (180 Solutions), SideFind and Avenue Media, he said.
Itís not all doom and gloom, though. The spyware only works with Sun's Java Runtime Environment, and there are warnings issued during infection. But this may not be enough to stop many users from becoming infected.
The installer works on Firefox, Mozilla, Netscape and Avant, but was blocked on NetCaptor and Opera, Boyd said. "Only two out of six had the good sense to steer clear of even asking the user if they wanted to install the applet," Boyd wrote on Vitalsecurity.org.