Crimeware industry still rising, and just as illegal marketing of web applications that seek to automate the process of infection through the exploitation of vulnerabilities.
This time, the proposal called JustExploit. This is a new Exploit Pack of Russian origin who has a seasoning that is increasingly being taken into account most heavily crimeware developers: the exploitation of vulnerabilities in Java. That is, in addition to exploit known vulnerabilities for MDAC and PDF files, exploits Java in all those computers that have installed the runtime.
This time, the proposal called JustExploit. This is a new Exploit Pack of Russian origin who has a seasoning that is increasingly being taken into account most heavily crimeware developers: the exploitation of vulnerabilities in Java. That is, in addition to exploit known vulnerabilities for MDAC and PDF files, exploits Java in all those computers that have installed the runtime.
The catch statistics for the module (Intelligence) which clearly shows that from this application you are controlling a large number of computers using different browsers and different operating systems, among which is the famous Windows Seven.
Another interesting fact which emerges from this module is the high rate of effectiveness which has the exploitation of the vulnerability in Java, with even a greater success rate with respect to two other vulnerabilities (MDAC and PDF).
Through a file "index.php" script that has a dull, JustExploit try to run three exploits for vulnerabilities CVE-2008-2992, CVE-2009-0927 and CVE-2008-5353. Here we see part of the script.
Another interesting fact which emerges from this module is the high rate of effectiveness which has the exploitation of the vulnerability in Java, with even a greater success rate with respect to two other vulnerabilities (MDAC and PDF).
Through a file "index.php" script that has a dull, JustExploit try to run three exploits for vulnerabilities CVE-2008-2992, CVE-2009-0927 and CVE-2008-5353. Here we see part of the script.
Among the files that are downloaded, is the operator of Java, called "sdfg.jar", with a low detection rate. According to VirusTotal, only 15 of 41 antivirus engines.
In addition, the kit includes the following downloading malicious files (which for the moment, also have a very poor detection rate):
In addition, the kit includes the following downloading malicious files (which for the moment, also have a very poor detection rate):
- example.pdf 8/41 (19.51%)
- annonce.pdf 7/41 (17.07%)
- load.exe 25/41 (60.98%)
This activity is In-the-Wild relatively short time ago and is a dangerous attack vector that is actively being used by botmasters, as we have seen, with striking effectiveness.
Related information
DDoS Botnet. Nuevo crimeware de propósito particul...
T-IFRAMER. Kit para la inyección de malware In-the...
ZoPAck. Nueva alternativa para la explotación de v...
ZeuS Botnet y su poder de reclutamiento zombi
Eleonore Exploits Pack. Nuevo crimeware In-the-Wild
Mirando de cerca la estructura de Unique Sploits Pack
Adrenaline botnet: zona de comando. El crimeware ruso...
YES Exploit System. Otro crimeware made in Rusia
Barracuda Bot. Botnet activamente explotada
ElFiesta. Reclutamiento zombi a través de múltiples amenazas
Jorge Mieres
Pistus Malware Intelligence