More robust and stealthier toolkits are predicted to emerge this year. This was first seen when the WhiteHole Exploit Kit appeared in the threat landscape. It took advantage of several vulnerabilities, including the infamous CVE-2013-0422.
Additionally, there have been reports of another new exploit kit called “Neutrino” being sold in the underground. The exploit, which we detect as JAVA_EXPLOYT.NEU, takes advantage of the following vulnerabilities:
Systems running Java 7 Update 11 and below are vulnerable. When exploited successfully, it downloads a ransomware variant, TROJ_RANSOM.NTW. Ransomware typically locks computers until users pay a certain amount of money, or ransom. Our research paper "Police Ransomware Update" contains more information on this threat.
The vulnerabilities covered in CVE-2013-0431 were also exploited in a BlackHole Exploit Kit spam run that purported to come from PayPal. CVE-2013-0431 was addressed when Oracle released an out-of-band update, raising issues and concerns. CVE-2012-1723, meanwhile, was employed by both the BlackHole Exploit Kit and the WhiteHole Exploit Kit.