Introduction
In today’s highly interconnected environment, bringing down a system can cause catastrophic damage to an individual in many ways. Hackers are active in the market, making exploit kits that can bring down a whole system. Even a novice in hacking technology can use these exploit kits to wipe the enemy out from the globe.
Most organizations fail to keep up with the latest threats in the market and, because of a competitive environment that demands product innovation and reduced administrative cost, new exploit kit releases go undetected from the organization’s perspective. Researching these exploit kits in depth requires funding for the information security domain that is cost-prohibitive and impracticable for most organizations. An organization must plan to maintain operational resilience and protect its valuable assets effectively. The development and distribution of exploit kits is a never-ending process, and managing these exploit kits is not a trivial task for any organization.
An exploit kit is a malware toolkit that is used to exploit the vulnerabilities of a system. It is a platform that distributes malware including bots, spyware, backdoors, or other payloads to the victim’s machine.
The main purpose of an exploit kit is to automate the exploitation of client-side vulnerabilities, mostly targeting browsers. It also targets various programs that can be accessed by a browser. Most exploit kits target zero-day vulnerabilities or vulnerabilities for which patches are already out in the market. For instance, the Black Hole exploit kit targets vulnerabilities in browsers such as Internet Explorer, Firefox, Google Chrome, and Safari and vulnerabilities in Java, Adobe Reader, and Adobe Flash Player.
A key characteristic of an exploit kit is the simplicity with which it can be used by anyone; a user need not be an IT or security expert. The main benefit of exploit kits is that the attacker doesn’t need to know how to create exploits. Through the use of an exploit kit, specific vulnerabilities can be exploited without any expertise. It also provides a user-friendly interface that can be used to track the infection statistics and it also provides a remote mechanism to control the exploited system.
Types of Exploit Kits
An exploit kit is a launching platform used to deliver a payload, which includes bots, backdoors, spyware, or any other type of malware. Exploit kits are not bounded by geographical limits and can be remotely controlled from one location while exploiting vulnerabilities at another location. This provides a great advantage to the attacker, since it will be very difficult to trace the source of the attack and carry out further legal action.
Black Hole Exploit Kit
Black Hole loads malicious content onto victims’ computers and is one of the major web threats that exist today. It is of Russian origin and can be customized at different levels to exploit various levels of vulnerabilities. The Black Hole exploit kit works as follows. A victim browses to a website into which a malicious payload has been injected, which then redirects to a server that hosts the malicious exploit kit. After that, the exploit kit scans the system and detects the vulnerabilities. Then a specially crafted payload is injected into the system that will be exploited. This kit’s versions vary from v1.0.0 to v1.2.2 and contain PHP scripts running on a web server; it uses MySQL as a back end. These scripts are encrypted using an ionCube encoder that makes the code undetectable (ionCube encoders are tools that protect software written in PHP from having its code viewed or changed; once the code is encoded via ionCube, there is no other solution to decode it).
It has different confi
The Black Hole exploit kit targets various client vulnerabilities, including Java, Adobe Flash Player, Adobe Reader, etc. It has an add-on for antivirus scanning and has different license types including rental, three-month license, half-year license, annual license, etc.
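The delivery flow described above (compromised site, redirect to the kit server, plugin content, payload) leaves a recognisable sequence in web proxy logs. The following is an added example, not code from the article or from any kit: a detection heuristic over a constructed log, where the log format, the payload MIME types, the host names and the 30-second window are all assumptions.

```python
from collections import defaultdict

# Plugin MIME types match the article's Black Hole targets; payload types are assumed.
PLUGIN_TYPES = {"application/java-archive", "application/pdf",
                "application/x-shockwave-flash"}
PAYLOAD_TYPES = {"application/x-msdownload", "application/octet-stream"}

def parse(line):
    """Constructed log format: ts client host referer_host content_type."""
    ts, client, host, referer, ctype = line.split()
    return {"ts": int(ts), "client": client, "host": host,
            "referer": None if referer == "-" else referer, "ctype": ctype}

def find_chains(lines, window=30):
    """Flag hosts a client first reaches from another site and that then,
    within `window` seconds, serve plugin content (and maybe an executable)."""
    by_client = defaultdict(list)
    for ev in map(parse, lines):
        by_client[ev["client"]].append(ev)
    hits = []
    for client, evs in by_client.items():
        evs.sort(key=lambda e: e["ts"])
        seen = set()
        for i, ev in enumerate(evs):
            first_visit = ev["host"] not in seen
            seen.add(ev["host"])
            if not (first_visit and ev["referer"] and ev["referer"] != ev["host"]):
                continue
            # Look only after the landing page, so a directly linked PDF is not flagged.
            later = [e for e in evs[i + 1:] if e["host"] == ev["host"]
                     and e["ts"] - ev["ts"] <= window]
            if not any(e["ctype"] in PLUGIN_TYPES for e in later):
                continue
            stages = ["cross-site arrival", "plugin content"]
            if any(e["ctype"] in PAYLOAD_TYPES for e in later):
                stages.append("executable download")
            hits.append((client, ev["referer"], ev["host"], stages))
    return hits

# Constructed sample (documentation addresses, .example hosts).
SAMPLE = """\
100 192.0.2.10 news.example - text/html
101 192.0.2.10 cdn.news.example news.example image/png
103 192.0.2.10 kit-host.example news.example text/html
104 192.0.2.10 kit-host.example kit-host.example application/java-archive
109 192.0.2.10 kit-host.example - application/x-msdownload
200 192.0.2.11 docs.example portal.example application/pdf
""".splitlines()
```

Calling `find_chains(SAMPLE)` reports the `news.example` to `kit-host.example` chain with all three stages and ignores the PDF that the second client opened directly from a link.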
Crime Pack Exploit Kit
Crimepack was the most popular exploit kit that was available in the market. Whenever news of a Crimepack exploit release was out, more users were seen to be downloading it. Crimepack primarily targeted German and South American websites. The cost of this pack was around $400, and around 14 exploit kits were made available inside Crimepack. All of the following vulnerabilities are now fixed and security measures have been enforced to detect Crimepack exploits.
Vulnerability | CVE ID |
IE6 COM CreateObject Code Execution | CVE-2006-0003 |
IE7 Uninitialized Memory Corruption | CVE-2010-0806 |
JRE getSoundBank Stack BOF | CVE-2009-3867 |
IEPeers Remote Code Execution | CVE-2010-0806 |
PDF Exploit | CVE-2007-5659 |
Opera TN3270 | CVE-2009-3269 |
AOL Radio AmpX Buffer Overflow | CVE-2007-5755 |
Internet Explorer 7 XML Exploit | CVE-2008-4844 |
Firefox 3.5/1.4/1.5 exploits | CVE-2009-355 |
Adobe Acrobat LibTIFF Integer Overflow | CVE-2010-0188 |
OWC Spreadsheet Memory Corruption | CVE-2009-1136 |
Bundle of ActiveX Exploits | CVE-2008-2463 |