Trustwave researchers have spotted a new exploit kit called "RedKit Exploit Kit" that being used in the wild is aiming to enter a market that is practically monopolized by the widely famous BlackHole and Phoenix exploit kits.
In actual, The new kit has no official name, so the researchers dubbed it 'Redkit' due to the red bordering used in the application's panel.
"Logging to the admin
panel presents you with options which are typically used by other
exploit kits. The panel allows you to check the statistics for incoming
traffic, upload a payload executable and even scan this payload with no
less than 37 different AV’s," Trustwave reports.
To deliver the malware, RedKit exploits two popular bugs:
1.) The Adobe Acrobat and Reader LibTIFF vulnerability (CVE-2010-0188).
2.) The Java AtomicReferenceArray vulnerability (CVE-2012-0507), lately used by the criminals behind the massive Flashback infection.
"As
each malicious URL gets blocked by most security firms after 24 to 48
hours, the Redkit's author have provide a new API which will produce a
fresh URL every hour, so that customer of this exploit kit can now set
up an automated process for updating the traffic sources every hour or
so to point to the new URL."
Nema komentara:
Objavi komentar