New Whitehole exploit toolkit emerges on the underground market
For now the toolkit only targets Java vulnerabilities, researchers say
IDG News Service - A new exploit kit called Whitehole has emerged on the underground market, providing cybercriminals with one more tool to infect computers with malware over the Web, security researchers from antivirus vendor Trend Micro reported Wednesday.
Exploit kits are malicious Web-based applications designed to install malware on computers by exploiting vulnerabilities in outdated browser plug-ins like Java, Adobe Reader or Flash Player.
Attacks that use such toolkits are called drive-by downloads and they don't require any user interaction, making them one of the most efficient ways to distribute malware. Users generally get redirected to drive-by download attack pages when visiting compromised websites.
Whitehole uses similar code to Blackhole, one of the most popular exploit toolkits used today, but does have some particular differences, the Trend Micro security researchers said in a blog post.
For one, Whitehole only contains exploits for known Java vulnerabilities, namely: CVE-2011-3544, CVE-2012-1723, CVE-2012-4681, CVE-2012-5076 and CVE-2013-0422.
The most recent of these vulnerabilities, CVE-2013-0422, was patched by Oracle in Java 7 Update 11, which was released as an emergency update on Jan. 13 in response to drive-by download attacks that were already exploiting the flaw. The first CVE-2013-0422 exploit was found in Cool Exploit Kit, a high-end version of Blackhole, but the exploit was later added to Blackhole as well.
Other notable Whitehole features include the ability to evade antivirus detection, prevent Google Safe Browsing from detecting and blocking it, and load up to 20 malicious files at once, the Trend Micro researcher said.
Whitehole is still under development and currently operates as a test release. However, its creators are already renting its usage to other criminals for prices between $200 and $1,800, depending on their traffic volume.
According to the Trend Micro researchers, Whitehole is being used to distribute a variant of a rootkit called ZeroAccess (or Sirefef) whose purpose is to install additional malware.
"Given Whiteholes current state, we may be seeing more noteworthy changes to the exploit kit these coming months. Thus, we are continuously monitoring this threat for any developments," the researchers said.
Security experts are regularly advising users to keep their software and browser plug-ins up to date in order to protect their computers from drive-by download attacks. However, in some cases, attackers use exploits for vulnerabilities that haven't been patched -- zero-day exploits. To prevent such attacks, it's better to completely disable browser plug-ins that are not frequently used and to enable click-to-play for plug-in based content in browsers that support the feature like Mozilla Firefox, Google Chrome and Opera.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The Threat Landscape Hardly a day goes by without the discovery of a new cyberthreat somewhere in the world! But how do you keep up with...
- Security for Virtualization In the rush to implement virtualization, security has become second. So while the business benefits are clear, the risks are less well documented...
- HP HAVEn: See the big picture in Big Data HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data...
- What Datapipe customers need to know about the new PCI DSS 3.0 compliance standard This handy quick reference outlines what PCI DSS 3.0 is, who needs to be compliant and how Alert Logic solutions address the new...
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Malware and Vulnerabilities White Papers | Webcasts