The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: Exploit pack

New BlackEnergy Crimeware Enhanced to Target Linux Systems and Cisco Routers

New BlackEnergy Crimeware Enhanced to Target Linux Systems and Cisco Routers

November 05, 2014Swati Khandelwal
Security researchers at Kaspersky Lab have unearthed new capabilities in the BlackEnergy Crimeware weapon that has now ability to hacking  routers , Linux systems and Windows, targeting industry through Cisco network devices. The antivirus vendor's Global Research & Analysis Team released a report Monday detailing some of the new " relatively unknown " custom plug-in capabilities that the cyber espionage group has developed for BlackEnergy to attack Cisco networking devices and target ARM and MIPS platforms. The malware was upgraded with custom plugins including Ciscoapi.tcl which targets The Borg's kit, and According to researchers, the upgraded version contained various wrappers over Cisco EXEC-commands and " a punchy message for Kaspersky , " which reads, " F*uck U, Kaspersky!!! U never get a fresh B1ack En3rgy. So, thanks C1sco 1td for built-in backd00rs & 0-days. " BlackEnergy malware program was originally created and used by cy
Paunch, the author of Blackhole Exploit kit arrested in Russia

Paunch, the author of Blackhole Exploit kit arrested in Russia

October 07, 2013Wang Wei
According to a Security Analyst ' Maarten Boone ' working  at Fox-IT company, the Developer of notorious Blackhole Exploit Kit  developer ' Paunch ' and his partners were arrested in Russia recently. Blackhole Exploit Kit  which is responsible for the majority of web attacks today, is a crimeware that makes it simple for just about anyone to build a botnet . This Malware kit was developed by a hacker who uses the nickname "Paunch" and his Team, has gained wide adoption and is currently one of the most common exploit frameworks used for Web-based malware delivery. The Blackhole exploit kit is a framework for delivering exploits via compromised or third-party websites, serve up a range of old and new exploits for Oracle's Java, Adobe's Flash and other popular software to take control of victim's machines. It the point of writing No Police Authority or Press has confirmed the claim made by Maarten about the arrest of Malware author. Plea
Warning : Java 6 vulnerable to zero-day exploit; added to Neutrino exploit kit

Warning : Java 6 vulnerable to zero-day exploit; added to Neutrino exploit kit

August 28, 2013Mohit Kumar
Hackers are using a new exploit for a bug in the out-of-date but popular Java 6 platform to attack victims, and has been added to a commercially available Neutrino exploit kit. The use of Java 6 still is prevalent, opening up a significant number of users to the threat. F-secure analyst Timo Hirvonen warned about the exploit over Twitter, advising that he had found an exploit in the wild actively targeting an unpatched vulnerability in Java 6, named CVE-2013-2463 . The exploit's proof-of-concept was made public last week, prior to in-the-wild attacks surfacing on Monday. Oracle is aware of the hole but, since Java 6 is no longer supported, the company will not patch the issue. The vulnerability lies in Java Runtime Environment's 2D sub-component, which is used to make two-dimensional graphics. Because no patch is available, the exploits provides cybercriminals and other attackers an effective vehicle to launch attacks targeting users and organizations using Jav
New Apache backdoor serving Blackhole exploit kit

New Apache backdoor serving Blackhole exploit kit

April 27, 2013Mohit Kumar
A new sophisticated and stealthy Apache backdoor meant to drive traffic to malicious websites serving Blackhole exploit kit widely has been detected by  Sucuri recently. Researchers claimed that this backdoor affecting hundreds of web servers right now. Dubbed Linux/Cdorked.A , one of the most sophisticated Apache backdoors we have seen so far. The backdoor leaves no traces of compromised hosts on the hard drive other than its modified httpd binary, thereby complicating forensics analysis. All of the information related to the backdoor is stored in shared memory.  The configuration is pushed by the attacker through obfuscated HTTP requests that aren't logged in normal Apache logs. The HTTP server is equipped with a reverse connect backdoor that can be triggered via a special HTTP GET request. This means that no command and control information is stored anywhere on the system. ESET researchers  analyzed the binary and discovered a nasty hidden backdoor. In the Li
Necurs Rootkit infect 83,427 machines in November

Necurs Rootkit infect 83,427 machines in November

December 08, 2012Mohit Kumar
Rootkit named as "Necurs" infect 83,427 unique machines during the month of November 2012. It is a multi-purpose rootkits capable of posing a threat to both 32 and 64-bit Windows systems. Distributed via drive-by download on the websites that host the BlackHole exploit kit. Like other rootkits it is able to hide itself from detection and also capable of downloading additional malware from outside. Attackers can maintain remote access to a machine this way in order to monitor activity, send spam or install scareware. Rootkit also stop security applications from functioning and hence no detection. Microsoft list this as  Trojan:Win32/Necurs . Trojan:Win32/Necurs is a family of malware that work together to download additional malware and enable backdoor access and control of your computer. The malware can be installed on its own or alongside rogue security software, such as Rogue:Win32/Winwebsec. The malware downloads itself into the folder " %windi
SCADA Hacking : Exploit released to Hack Solar Energy Plants

SCADA Hacking : Exploit released to Hack Solar Energy Plants

October 12, 2012Mohit Kumar
ICS-CERT - Industrial Control Systems Cyber Emergency Response Team has released the Advisory titled ICS-ALERT-12-284-01 - Sinapsi eSolar Light Multiple Vulnerabilities . They Report about report multiple vulnerabilities with proof-of-concept (PoC) exploit code that affecting the Sinapsi eSolar Light Photovoltaic System Monitor which is a supervisory control and data acquisition (SCADA) monitoring product. The US Department of Homeland Security is warning about vulnerabilities in a common SCADA (supervisory control and data acquisition) package that is used to remotely monitor and manage solar energy-generating power plants. The eSolar Light Photovoltaic System Monitor is a SCADA product that allows solar power stations to simultaneously monitor different components of photovoltaic arrays, such as photovoltaic inverters, energy meters, gauges The disclosure was made by Roberto Paleari and Ivan Speziale, who described the vulnerable system as being the Schneider Electric
Hackers disrupt Interpol website against Anti-Islam film

Hackers disrupt Interpol website against Anti-Islam film

October 07, 2012Mohit Kumar
A hacker group " Kosova Hacker's Security " based in the Middle East take down Interpol website yesterday. According to claim of Hackers, they are doing this cyber attack on a law enforcement agency to show their protest against the controversial Anti-Islam film, Innocence of Muslims. According to the mail notification from Hackers, they claim to DDOS Interpol servers including DNS servers also with a Botnet army of 770 Bots. In more technical terms, hackers are DDOSing Interpol servers with 770 Bots and 65500 packets/second. Interpol website (  https://www.interpol.int/  ) server 193.22.7.16:80 and DNS server 193.22.7.80:53 was under attack by these hackers. At the time of writing this article, may be the website is working fine. On asking, How they got 770 Bots ? Hacker give a screenshot ( shown above ) of the Exploit pack they are using to infect computers and to make them slave of their Botnet weapon. Recently the six major American banks suffered de
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.