Researchers warn about schemes that lead to FlashPack exploit kit
Posted on 26.08.2014
Security researchers have spotted two different online schemes that lead to pages hosting the FlashPack exploit kit.

The first one relies on users visiting a compromised SourceForge sub-domain, where a JavaScript file redirects them to a website hosting the exploit kit. The kit then serves a malicious Flash file that exploits a vulnerability to download and install a variant of the Carberp trojan.

Malwarebytes' Jerome Segura doesn't say how the users are lured or redirected to the compromised site.

The second scheme is centered around a specific add-on that adds social media sharing buttons to websites.

The add-on in question comes in the form of a few lines of JavaScript code that have to be added to the site's code, and can be freely downloaded from the add-on's website.

The problem is that for the add-on to function as intended, a JavaScript file from the home page of the add-on is loaded.

"This alone should raise red flags: it means that the site owner is loading scripts from an external server not under their control," pointed out Joseph Chen, a fraud researcher with Trend Micro.

"It's one thing if it loads scripts on trusted sites like Google, Facebook, or other well-known names; it's another thing to load scripts on little-known servers with no name to protect."

And, as it turns out, this particular script is malicious. "On certain sites, instead of the original add-on script, the user is redirected to the script of FlashPack," Chen notes, adding that one of these sites is a free blogging site popular in Japan.

As before, the exploit kit serves Flash exploits which, if successful, download the Carberp trojan on the victim's computer.

According to Trend Micro, some 66,000 users - mostly in Japan - have been successfully targeted with this last scheme.

Among the vulnerabilities exploited by the kit is the CVE-2014-0497 Flash vulnerability, which was patched earlier this year. Unfortunately, a lot of people aren't good at keeping their software updated.
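The second scheme depends on a page pulling a script from a server the site owner does not control. The following is an added example, not code from Trend Micro or Malwarebytes, showing how a site owner could audit a page for such includes; the function names, the allowlist and all hostnames in the sample are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class ScriptCollector(HTMLParser):
    """Collect (src, integrity) for every <script src=...> tag."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("src"):
            self.scripts.append((a["src"].strip(), a.get("integrity")))


def audit_external_scripts(html, page_url, trusted_hosts=()):
    """List scripts served from hosts other than the page's own."""
    page_host = urlparse(page_url).hostname
    trusted = {h.lower() for h in trusted_hosts}
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src, integrity in collector.scripts:
        # urljoin resolves relative and protocol-relative (//host/x.js) URLs.
        full = urljoin(page_url, src)
        host = urlparse(full).hostname or ""
        if host == page_host:
            continue  # first-party script, under the site owner's control
        findings.append({
            "src": full,
            "host": host,
            "trusted": host in trusted,   # on the owner's allowlist
            "pinned": bool(integrity),    # Subresource Integrity hash present
            "plain_http": full.startswith("http://"),
        })
    return findings


# Constructed sample page; every hostname here is a placeholder.
SAMPLE_PAGE = """
<html><head>
<script src="/js/site.js"></script>
<script src="//cdn.example.net/lib.js" integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="http://share-buttons.example.org/widget.js"></script>
</head><body></body></html>
"""
```

Calling `audit_external_scripts(SAMPLE_PAGE, "https://blog.example.com/post/1", trusted_hosts=["cdn.example.net"])` reports the share-button include as untrusted, unpinned and loaded over plain HTTP. An integrity hash only helps when the third-party script is static, since the browser refuses any content that no longer matches the pinned hash.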

