    TrendLabs Security Intelligence Blog

    Author Archive - Jonh Paul Chua (Threat Response Engineer)




    In our 2013 security predictions, Trend Micro Chief Technology Officer Raimund Genes predicted that we would see new toolkits this year. A recent post on Malware don’t need coffee covered an emerging exploit kit dubbed the Whitehole Exploit Kit. The name is just a randomly selected one, used to differentiate it from the Blackhole Exploit Kit (BHEK). Whitehole uses code similar to BHEK's, with one notable difference: BHEK uses JavaScript to hide its use of plugindetect.js, while Whitehole uses the script directly, without obfuscating it.

    We analysed the related samples, including the exploit malware cited in certain reports. The malware (detected as JAVA_EXPLOYT.NTW) takes advantage of the following vulnerabilities to download malicious files onto the system:

    Worth noting is CVE-2013-0422, which was involved in the zero-day incident that distributed REVETON variants and was used in toolkits like the Blackhole Exploit Kit and the Cool Exploit Kit. Because of its serious security implications, Oracle immediately addressed this issue and released a software update, which was received with skepticism.

    © Copyright 2013 Trend Micro Inc. All rights reserved.