New Whitehole exploit toolkit emerges on the underground market
For now the toolkit only targets Java vulnerabilities, researchers say
IDG News Service - A new exploit kit called Whitehole has emerged on the underground market, providing cybercriminals with one more tool to infect computers with malware over the Web, security researchers from antivirus vendor Trend Micro reported Wednesday.
Exploit kits are malicious Web-based applications designed to install malware on computers by exploiting vulnerabilities in outdated browser plug-ins like Java, Adobe Reader or Flash Player.
Attacks that use such toolkits are called drive-by downloads and they don't require any user interaction, making them one of the most efficient ways to distribute malware. Users generally get redirected to drive-by download attack pages when visiting compromised websites.
Whitehole uses similar code to Blackhole, one of the most popular exploit toolkits used today, but does have some particular differences, the Trend Micro security researchers said in a blog post.
For one, Whitehole only contains exploits for known Java vulnerabilities, namely: CVE-2011-3544, CVE-2012-1723, CVE-2012-4681, CVE-2012-5076 and CVE-2013-0422.
The most recent of these vulnerabilities, CVE-2013-0422, was patched by Oracle in Java 7 Update 11, which was released as an emergency update on Jan. 13 in response to drive-by download attacks that were already exploiting the flaw. The first CVE-2013-0422 exploit was found in Cool Exploit Kit, a high-end version of Blackhole, but the exploit was later added to Blackhole as well.
Other notable Whitehole features include the ability to evade antivirus detection, prevent Google Safe Browsing from detecting and blocking it, and load up to 20 malicious files at once, the Trend Micro researcher said.
Whitehole is still under development and currently operates as a test release. However, its creators are already renting its usage to other criminals for prices between $200 and $1,800, depending on their traffic volume.
According to the Trend Micro researchers, Whitehole is being used to distribute a variant of a rootkit called ZeroAccess (or Sirefef) whose purpose is to install additional malware.
"Given Whiteholes current state, we may be seeing more noteworthy changes to the exploit kit these coming months. Thus, we are continuously monitoring this threat for any developments," the researchers said.
Security experts are regularly advising users to keep their software and browser plug-ins up to date in order to protect their computers from drive-by download attacks. However, in some cases, attackers use exploits for vulnerabilities that haven't been patched -- zero-day exploits. To prevent such attacks, it's better to completely disable browser plug-ins that are not frequently used and to enable click-to-play for plug-in based content in browsers that support the feature like Mozilla Firefox, Google Chrome and Opera.
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- 2013 Cyber Risk Report The "Cyber risk report 2013 Executive summary" presents the major findings of HP Security Research's comprehensive dive into today's cyber vulnerability and threat...
- Why You Need a Next-Generation Firewall This white paper explores the reasons for implementing next-generation (NG) firewalls and lays out a path to success for overburdened IT organizations.
- Infographic: Converged Infrastructure Benefits This Infographic quantifies the savings organizations are realizing from increased deployment speed, higher availability, and lower annual costs.
- CIOs Deliver Productivity Breakthroughs with Intelligent Digital Signage Retailers have long recognized the influence that digital signage provides over a shopper's point-of-purchase decision making process.
- Top 4 Digital Signage Fails Join RMG Networks for a look at four of the most common reasons digital signage fails in corporate businesses. Learn about strategies to...
- Building Tomorrow's Infrastructure Listen to this podcast to discover how Crider Foods worked with PC Connection to update their IT infrastructure, while maintaining compliance and control. All Malware and Vulnerabilities White Papers | Webcasts