Whitehole exploit kit in the spotlight
Posted on 07.02.2013
The effectiveness of exploit kits has made them malware peddlers' preferred way of distributing their malicious wares. The Blackhole exploit kit is, by far, the most most used one, and has pretty much cornered the market at the moment, but there are other kits out there looking to challenge its supremacy.

Among them is a new exploit kit that has been dubbed "Whitehole" by researchers for the simple reason of differentiating it from Blackhole.

Whitehole employs exploits for five Java Runtime Environment vulnerabilities, and among them is also the recently patched zero-day (CVE-2013-0422) that has ben wreaking havoc last month, and exploits for which have been added both to the Blackhole and Cool exploit kit.

"Whitehole Exploit Kit is purportedly under development and runs in 'test-release' mode," shared Trend Micro threat response engineer Jonh Chua. "However, the people behind this kit are already peddling the kit and even command a fee ranging from USD 200 to USD 1800."

The ability to evade antimalware detections, to prevent Google Safe Browsing from blocking it, and to load as much as 20 files at once will likely make it easy for Whitehole to secure a considerable slice of the market for itself. The smaller price when compared to Blackhole is also worth mentioning.

The kit is currently employed in several campaigns to deliver the ZeroAccess backdoor and downloader Trojan and ransomware.


Proactive real-time security intelligence: Moving beyond conventional SIEM

Discussions about security intelligence still focus primarily around conventional reactive SIEM. Security pros need to move from this reactive model to proactively using this security intelligence to protect their businesses.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Mon, Aug 31st