Whitehole exploit kit in the spotlight
Posted on 07.02.2013
The effectiveness of exploit kits has made them malware peddlers' preferred way of distributing their malicious wares. The Blackhole exploit kit is, by far, the most most used one, and has pretty much cornered the market at the moment, but there are other kits out there looking to challenge its supremacy.

Among them is a new exploit kit that has been dubbed "Whitehole" by researchers for the simple reason of differentiating it from Blackhole.

Whitehole employs exploits for five Java Runtime Environment vulnerabilities, and among them is also the recently patched zero-day (CVE-2013-0422) that has ben wreaking havoc last month, and exploits for which have been added both to the Blackhole and Cool exploit kit.

"Whitehole Exploit Kit is purportedly under development and runs in 'test-release' mode," shared Trend Micro threat response engineer Jonh Chua. "However, the people behind this kit are already peddling the kit and even command a fee ranging from USD 200 to USD 1800."

The ability to evade antimalware detections, to prevent Google Safe Browsing from blocking it, and to load as much as 20 files at once will likely make it easy for Whitehole to secure a considerable slice of the market for itself. The smaller price when compared to Blackhole is also worth mentioning.

The kit is currently employed in several campaigns to deliver the ZeroAccess backdoor and downloader Trojan and ransomware.


Free security software identifies cloud vulnerabilities

Posted on 21 October 2104.  |  Designed for IT and security professionals, the service gives a view of the data exchanged with partner and cloud applications beyond the network firewall. Completely passive, it runs on non-production systems, and does not require firewall changes.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Tue, Oct 21st