RedKit exploit kit spotted in the wild
Posted on 03.05.2012
A new exploit kit that Trustwave researchers have spotted being used in the wild is aiming to enter a market that is practically monopolized by the widely famous BlackHole and Phoenix exploit kits.

This new kit has no official name, so the researchers dubbed it RedKit due to the red coloring scheme of its administration panel.

RedKit's creators decided to promote it by using banners, and potential buyers are required to share their Jabber username by inputing it into an online form hosted on a compromised site of a Christian church.

Equipped with this piece of information, the developers are the ones who contact the buyers and provide them with a demo account so that they can check the software out.

The admin panel looks pretty much as any other, and offers the usual things: statistics for incoming traffic, the option to upload a payload executable and scan it with 37 different AVs (click on the screenshot to enlarge it):



As each malicious URL gets blocked by most security firms in the first 24 to 48 hours, the exploit kit developers also provide an API which produces a fresh URL every hour, so that customers can set up an automated process for updating the traffic sources every hour or so to point to the new URL.

"This basically means that people behind this project have invested considerable amount of resources and reserved a big batch of domains to use over a period of time," the researchers explain.

To deliver the malware, RedKit exploits two popular bugs: the Adobe Acrobat and Reader LibTIFF vulnerability (CVE-2010-0188) and the Java AtomicReferenceArray vulnerability (CVE-2012-0507), lately used by the criminals behind the massive Flashback infection.







Spotlight

The evolution of backup and disaster recovery

Posted on 25 July 2014.  |  Amanda Strassle, IT Senior Director of Data Center Service Delivery at Seagate Technology, talks about enterprise backup issues, illustrates how the cloud shaping an IT department's approach to backup and disaster recovery, and more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Mon, Jul 28th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //