Monday, October 28, 2013

Battling with Cyber Warriors- Exploit Kits


In today’s environment of highly interconnected system necessities, bringing down a system may cause a catastrophic damage to an individual in many ways. Hackers are frequent in the market, making exploit kits that can bring down the whole system. Even a novice in hacking technology can use these exploit kits to wipe the enemy out from the globe.
Most organizations fail to update in response to the latest threats in the market and, due to a competitive environment that requires product innovation and reduction of administrative cost, such releases in exploit kits remain undetected in an organizational perspective. Doing much research on these exploit kits requires funding for the information security domain that is cost-prohibitive and impracticable for most organizations. An organization must plan to maintain an operational resilience and protect their valuable assets effectively. The development and distribution of exploit kits is a never-ending process and managing these exploit kits is not a trivial task for any organization.
An exploit kit is a malware toolkit that is used to exploit the vulnerabilities of a system. It is a platform that distributes malware including bots, spyware, backdoors, or other payloads to the victim’s machine.
The main purpose of an exploit kit is that it automates the exploitation of client-side vulnerabilities, mostly targeting browsers. It also targets various programs that can be accessed by a browser. Most exploit kits target zero-day vulnerabilities or exploits for which patches are out in the market. For instance, the Black Hole exploit kit targets vulnerabilities in browsers such as Internet Explorer, Firefox, Google Chrome, and Safari and vulnerabilities in Java, Adobe Reader, and Adobe Flash Player.
A key characteristic of an exploit kit is the simplicity with which it can be used by anyone; a user need not be an IT or security expert. The main benefit of exploit kits is that the attacker doesn’t need to know how to create exploits. Through the use of an exploit kit, specific vulnerabilities can be exploited without any expertise. It also provides a user-friendly interface that can be used to track the infection statistics and it also provides a remote mechanism to control the exploited system.

Types of Exploit Kits

An exploit kit is a launching platform used to deliver payload, which includes bots, backdoors, spyware, or any other type of malware. Exploit kits are not bounded by geographical limits and can be remotely controlled from one location while exploiting vulnerabilities at another location. This provides a great advantage to the attacker, since it will be very difficult to trace the source of attack and carry out further legal actions.
Black Hole Exploit Kit

Black Hole loads malicious contents into victim’s computers and is one of the major web threats that exist today. It is of Russian origin and can be customized into different levels that can be used to exploit various levels of vulnerabilities. The working of the Black Hole exploit kit is as follows. A victim browses on a malicious payload-injected website, which further redirects to a server that hosts the malicious exploit kit. After that, the exploit kit scans the system and detects the vulnerabilities. Then the particularly crafted payload is injected into the system that will be exploited. This kit’s versions vary from v1.0.0 to v1.2.2 and contain PHP scripts running on a web server; it uses MySQL as a back end. These scripts are encrypted using an ionCube encoder that makes the code undetectable (ionCube encoders are tools to protect the software that is written in php from viewing and changing code; once the codes are encoded via ion cube then there is no other solution to decode the codes).

It has different confi
The Black Hole exploit kit targets various client vulnerabilities, including Java, Adobe Flash Player, Adobe Reader, etc. It has an add-on for antivirus scanning and has different license types including rental, three-month license, half-year license, annual license, etc.
Crime Pack Exploit Kit

Crimepack was the most popular exploit kit that was available in the market. Whenever news of Crimepack exploit releases were out, more users were seen to be downloading it. Crimepack primarily targeted German and South American websites. The cost of this pack was around $400 and around 14 exploit kits were made available inside crime pack. All of the following vulnerabilities are now fixed and security measures have been enforced to detect Crimepack exploits.
Vulnerabilities CVEID
IE6 COM CreateObject Code Execution CVE-2006-0003
IE7 Uninitialized Memory Corruption CVE 2010-0806
JRE getSoundBank Stack BOF CVE 2009-3867
IEPeers Remote Code Execution CVE 2010-0806
PDF Exploit CVE 2007-5659
Opera TN3270 CVE 2009-3269
AOL Radio AmpX Buffer Overflow CVE 2007-5755
Internet Explorer 7 XML Exploit CVE-2008-4844
Firefox 3.5/1.4/1.5 exploits CVE-2009-355
Adobe Acrobat LibTIFF Integer Overflow CVE-2010-0188
OWC Spreadsheet Memory Corruption CVE-2009-1136
Bundle of ActiveX Exploits CVE-2008-2463

==> Read More

No comments:

Post a Comment

Support : Relax Viet
Copyright © 2013. Security24h - All Rights Reserved
Design by Namkna
Best View Resolution 1024 x 768 pixel