This time, the proposal is called JustExploit. It is a new exploit pack of Russian origin with an ingredient that crimeware developers are increasingly taking into account: the exploitation of vulnerabilities in Java. That is, in addition to exploiting known vulnerabilities in MDAC and PDF files, it exploits Java on every computer that has the runtime installed.
Another interesting fact that emerges from this module is the high effectiveness of the Java exploit, which has an even greater success rate than the other two vulnerabilities (MDAC and PDF).
Through an "index.php" file containing an obfuscated script, JustExploit tries to run three exploits, for the vulnerabilities CVE-2008-2992, CVE-2009-0927 and CVE-2008-5353. Here we see part of the script.
In addition, the kit downloads the following malicious files (which, for the moment, also have a very poor detection rate):
Thank you very much to the people of MDL for the information.
Malware Domain List
Jorge Mieres