New Exploit Kit: Whitehole

Friday, February 8, 2013 @ 04:02 PM gHale

There is a new exploit kit out called “Whitehole” that uses exploits for five Java Runtime Environment vulnerabilities, researchers said.

Researchers call this kit Whitehole because they wanted to make sure it was different than the infamous Blackhole exploit kit that has been around for years.

Hacker Proves Lack of Security
Mobile Ad Malware Toolkits on Rise
Defense Industry Spear Phishing Attack
RAT Looks Innocent, but it Attacks

Whitehole does use five Java Runtime Environment holes, among them is the just patched Zero Day (CVE-2013-0422), said researchers at Trend Micro.

“Whitehole Exploit Kit is purportedly under development and runs in ‘test-release’ mode,” said Trend Micro threat response engineer Jonh Chua. “However, the people behind this kit are already peddling the kit and even command a fee ranging from USD 200 to USD 1800.”

The ability to evade anti-malware detections, to prevent Google Safe Browsing from blocking it, and to load as much as 20 files at once will likely make it easy for Whitehole to secure a considerable slice of the market for itself. The smaller price when compared to Blackhole is also worth mentioning.

The kit is currently in several campaigns to deliver the ZeroAccess backdoor and downloader Trojan and ransomware.

Leave a Reply

You must be logged in to post a comment.