    Robust and stealthier toolkits are predicted to emerge this year. This was first seen when the WhiteHole Exploit Kit appeared in the threat landscape. It took advantage of several vulnerabilities, including the infamous CVE-2013-0422.

    Additionally, there have been reports of another new exploit kit called “Neutrino” being sold in the underground. The exploit, which we detect as JAVA_EXPLOYT.NEU, takes advantage of the following vulnerabilities:

    Systems running Java 7 Update 11 and below are vulnerable. When the exploit succeeds, it downloads a ransomware variant, TROJ_RANSOM.NTW. Ransomware typically locks computers until users pay a certain amount of money, or ransom. Our research paper Police Ransomware Update contains more information on this threat.
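
A defender can check a Java inventory against the threshold stated above (Java 7 Update 11 and below). The following is an added example, not code from the original post; the hostnames and version outputs are constructed, and treating earlier major versions such as Java 6 as "below" is an assumption about how to read that threshold.

```python
import re

# Threshold from the article: Java 7 Update 11 and below are vulnerable.
VULN_MAX = (7, 11)

# Matches legacy version strings such as 1.7.0_11, 1.7.0_13-b20, 1.6.0
_VERSION_RE = re.compile(r'\b1\.(\d+)\.\d+(?:_(\d+))?')


def parse_java_version(text):
    """Return (major, update) from `java -version` output, or None."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    # A missing "_NN" suffix means the initial release (update 0).
    return int(m.group(1)), int(m.group(2) or 0)


def classify(text):
    """Classify one version string against the article's threshold."""
    version = parse_java_version(text)
    if version is None:
        return "unknown"
    # Assumption: "and below" also covers earlier major versions (e.g. Java 6).
    return "vulnerable" if version <= VULN_MAX else "not-listed"


def audit(inventory):
    """Map host -> classification for a {host: version output} inventory."""
    return {host: classify(out) for host, out in inventory.items()}


# Constructed sample inventory (hostnames and outputs are made up).
SAMPLE_INVENTORY = {
    "ws-01": 'java version "1.7.0_11"',
    "ws-02": 'java version "1.7.0_13"',
    "ws-03": 'java version "1.6.0_38"',
    "ws-04": 'java version "1.7.0"',
    "ws-05": "java: command not found",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Hosts reported as "unknown" returned output with no parseable version and need a manual check; "not-listed" only means the version falls outside the range this post names.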

    The vulnerability covered in CVE-2013-0431 was also exploited in a BlackHole Exploit Kit spam run that supposedly came from PayPal. This vulnerability was addressed when Oracle released an out-of-band update, raising issues and concerns. CVE-2012-1723, on the other hand, was employed by both the BlackHole Exploit Kit and the WhiteHole Exploit Kit.

    Neutrino’s features

    The perpetrators of the Neutrino toolkit highlight the following features:

    • User friendly control panel
    • Easy management of domain and IP (a countermeasure to AV software)
    • Continuous monitoring of AV statuses
    • Traffic filtering
    • Stealing target system information by means of browser plugin detectors
    • Encryption of stolen information sent back to the server
    • Filtering of what information to send
    • Appropriate exploit recommendation
    • Notification of vulnerability support, exploit codes and payloads

    According to an underground forum, the people behind Neutrino also offer to rent out their servers, with server maintenance services included. Renting the Neutrino kit costs US$40 per day and US$450 for an entire month. According to senior threats researcher Max Goncharov, the perpetrators have been known to buy iframe traffic since 2012 in order to generate profit. They may have built the said toolkit on their own and decided to sell it in the underground.

    The methods in Neutrino are quite similar to others; however, the highlighted features in Neutrino mean that attackers are indeed becoming more sophisticated and organized.








     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice