I don’t normally write about exploit kits (these are also referred to as ‘packs’) because most of my readers wouldn’t understand their relevance in the online world. It’s kind of geeky too. That said, this exploit pack is definitely worth mentioning. Read on to find out why.
What are exploit kits? They are packs of malicious programs that are mainly used to carry out automated ‘drive-by’ attacks in order to spread malware. The BlackHole exploit kit is one of the best known.
Security researchers have identified a new exploit kit called “RedKit” – the kit itself doesn’t actually have a name, so the researchers decided to give it one. RedKit delivers its payload via an Adobe Acrobat and Reader LibTIFF vulnerability and a Java AtomicReferenceArray vulnerability – this one is behind the Adobe Flashback flaw, which has been in the news this week.
Logging in to the exploit kit panel allows you to check the stats for incoming traffic, upload a payload executable and even scan the payload with no fewer than 37 different antivirus (AV) products. Each malicious URL gets blocked by most security firms after 24 to 48 hours; what is really clever here is that RedKit provides a new API which will produce a fresh URL every hour.
This automated API process for updating traffic sources every hour to point to a new URL is something the AV companies will be very aware of. Make sure your AV product is up to date and be careful what links you click on, folks!
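The hourly rotation described above leaves a pattern a defender can look for in web proxy logs: a referring site whose outbound target is replaced every hour and never reused. The sketch below is an added example, not code from this post or from Trustwave; the log layout, the hostnames and the function names are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample proxy log: timestamp, client IP, referring host, destination host.
SAMPLE_LOG = """\
2012-05-04T09:05:10 10.0.0.5 blog.example.test k3f9a.example.net
2012-05-04T09:40:02 10.0.0.9 blog.example.test k3f9a.example.net
2012-05-04T10:12:44 10.0.0.7 blog.example.test p7x2c.example.net
2012-05-04T11:03:19 10.0.0.5 blog.example.test zq81m.example.net
2012-05-04T12:30:00 10.0.0.8 blog.example.test w0d4r.example.net
2012-05-04T09:07:00 10.0.0.5 shop.example.test cdn.example.org
2012-05-04T10:07:00 10.0.0.6 shop.example.test cdn.example.org
2012-05-04T09:01:00 10.0.0.5 search.example.test a.example.com
2012-05-04T09:02:00 10.0.0.6 search.example.test b.example.com
not a log line
"""

def parse(log_text):
    """Yield (hour, referrer, destination) for each well-formed line."""
    for line in log_text.splitlines():
        parts = line.split()
        try:
            ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
            yield ts.replace(minute=0, second=0), parts[2].lower(), parts[3].lower()
        except (IndexError, ValueError):
            continue  # skip malformed lines instead of aborting the scan

def rotating_sources(log_text, min_hours=3):
    """Map each referrer to its longest run of hourly, never-reused destinations."""
    by_ref = defaultdict(lambda: defaultdict(set))  # referrer -> hour -> destinations
    for hour, ref, dest in parse(log_text):
        by_ref[ref][hour].add(dest)
    flagged = {}
    for ref, hours in by_ref.items():
        seen, run, best = set(), [], []
        # Only hours with traffic are compared; quiet hours do not break a run.
        for hour, dests in sorted(hours.items()):
            # Rotation signature: exactly one target in the hour, never seen before.
            if len(dests) == 1 and not dests & seen:
                run = run + sorted(dests)
            else:
                run = []  # a reused target or a fan-out of links resets the run
            seen |= dests
            best = max(best, run, key=len)
        if len(best) >= min_hours:
            flagged[ref] = best
    return flagged

if __name__ == "__main__":
    print(rotating_sources(SAMPLE_LOG))
```

On the constructed log only `blog.example.test` is reported: the shop keeps linking to the same host and the search site links to several hosts within one hour, so neither matches the one-new-target-per-hour pattern.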
Safe surfing, folks!
Bootnote: Thanks to the guys at Trustwave for this find.