RedKit exploit kit spotted in the wild
Posted on 03.05.2012
A new exploit kit that Trustwave researchers have spotted being used in the wild is aiming to enter a market that is practically monopolized by the widely famous BlackHole and Phoenix exploit kits.

This new kit has no official name, so the researchers dubbed it RedKit due to the red coloring scheme of its administration panel.

RedKit's creators decided to promote it by using banners, and potential buyers are required to share their Jabber username by inputing it into an online form hosted on a compromised site of a Christian church.

Equipped with this piece of information, the developers are the ones who contact the buyers and provide them with a demo account so that they can check the software out.

The admin panel looks pretty much as any other, and offers the usual things: statistics for incoming traffic, the option to upload a payload executable and scan it with 37 different AVs (click on the screenshot to enlarge it):



As each malicious URL gets blocked by most security firms in the first 24 to 48 hours, the exploit kit developers also provide an API which produces a fresh URL every hour, so that customers can set up an automated process for updating the traffic sources every hour or so to point to the new URL.

"This basically means that people behind this project have invested considerable amount of resources and reserved a big batch of domains to use over a period of time," the researchers explain.

To deliver the malware, RedKit exploits two popular bugs: the Adobe Acrobat and Reader LibTIFF vulnerability (CVE-2010-0188) and the Java AtomicReferenceArray vulnerability (CVE-2012-0507), lately used by the criminals behind the massive Flashback infection.







Spotlight

Emerging cloud threats and how to address them

Posted on 15 September 2014.  |  Public and community clouds can be appealing targets for hackers looking to disrupt or steal information from scores of organizations with one successful strike. Here are some emerging security threats and issues cloud providers and their clients should be aware of.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Sep 16th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //