A Boost in Red Kit Exploit Kit

Tuesday, June 4, 2013 @ 04:06 PM gHale


There has been an increase in the number of compromised websites that distribute malware via the Red Kit exploit kit.

Attackers utilized two mechanisms to infect websites such as whitesteeple[dot]com, oute66marathon[dot]com and neptunebenson[dot]com, said researchers at Zscaler.


One of the methods involves injecting a standard iframe that takes visitors through multiple redirections to a Red Kit landing page. The second method uses SEO techniques to perform HTTP 302 redirections to the malicious landing page.

The exploit kit leverages a Java sandbox bypass vulnerability to push a malicious file that is designed to stop running if it detects a virtual machine or debugging environment.

Once it’s executed, the malware, which is a keylogger Trojan, steals sensitive information from the infected system and sends it back to a remote server.

The researchers said right now only three antivirus solutions are capable of identifying the threat.


