The Hacker News Logo
Subscribe to Newsletter

RedKit Exploit Kit : New web malware exploitation pack

RedKit Exploit Kit : New web malware exploitation pack

Trustwave researchers have spotted a new exploit kit called "RedKit Exploit Kit" that  being used in the wild is aiming to enter a market that is practically monopolized by the widely famous BlackHole and Phoenix exploit kits.

In actual, The new kit has no official name, so the researchers dubbed it 'Redkit' due to the red bordering used in the application's panel.

"Logging to the admin panel presents you with options which are typically used by other exploit kits. The panel allows you to check the statistics for incoming traffic, upload a payload executable and even scan this payload with no less than 37 different AV’s," Trustwave reports.

To deliver the malware, RedKit exploits two popular bugs:
1.) The Adobe Acrobat and Reader LibTIFF vulnerability (CVE-2010-0188).
2.) The Java AtomicReferenceArray vulnerability (CVE-2012-0507), lately used by the criminals behind the massive Flashback infection.

"As each malicious URL gets blocked by most security firms after 24 to 48 hours, the Redkit's author have provide a new API which will produce a fresh URL every hour, so that customer of this exploit kit can now set up an automated process for updating the traffic sources every hour or so to point to the new URL."

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.
Latest Stories
Best Deals

Newsletter — Subscribe for Free

Join over 500,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.