Channel: Malware don't need Coffee

CVE-2012-4681 - Sweet Orange pack

Sweet Orange pack. Yes, it's becoming boring. We'll make it fast. Using [FR] Malekal's sniper techniques (hat tip) you can find a Sweet Orange EK when you need one: breitlingline[.]biz/ <-- Do not try...

CVE-2012-4681 - Redkit Exploit Kit - I want Porche Turbo

Not making the headlines but yet effective (doesn't need a 0 day to reach 20% break) Redkit Exploit Kit has also (again...no news here) integrated the last Vulnerability from...

Blackhole Exploit Kits update to v2.0

Paunch notification on Exploit.in about v2.0. Original text of the Advert (Pastebin) (for rough translation see at bottom - Illustration of an infection + related files in this post.) BlackHole exploit...

The path to infection - Eye glance at the first line of "Russian Underground"...

One year since I started "active" actions in understanding what is on the other side of malware/mass infection campaign. Will share in one picture how I figure things. (I hope to have many feedback to...

Carberp, the renaissance (?)

"not for you" image used by Carberp. Carberp never really stopped but seems like it was not spread massively/updated anymore since huge operation against gang using it in Russia back in February/March...

Inside Impact Exploit Kit - back on track (?)

Impact Logo (credits: Kahu Security). My first contact to Impact Exploit Kit was possible thanks to @switchingtoguns. The identification of the pack and my second contact is fully based on information...

Big update for Cool EK

Yesterday (2012-12-18) around 13h GMT I was not the only one (o/ Ekse) to notice that something was happening on the Cool EK Front. (At least the one owned by the group pushing Reveton). Landings in...

Reveton - Winter Collection

Winter is coming, so is Reveton's Winter Collection (obviously replacing the Autumn Collection on which they added sound for some countries past month). The new design was first spotted by Trend Micro...

Crossing the Styx ( Styx Sploit Pack 2.0 ) - Meet CVE-2012-4969 via JS heapspray

(Lorenz-84 - For the thumbnail) Styx Logo. No need to go on underground forum to find Styx Sploit Pack. The Styx-Crypt guys are selling their services publicly on styx-crypt[.]com (styx-crypt[.]com Logo) and...

Juice the Sweet Orange - 2012-12

Sweet Orange landings have changed around the 15th of December from something like: http://bigromeguide .com/wHOies?tMNdb=37 or http://hwdcommunicating .pro/gsziXO?PDBbp=45 or http://haztalansrayail.myftp...

0 day 1.7u10 (CVE-2013-0422) spotted in the Wild - Disable Java Plugin NOW !

Was wondering what to do with that... Disclose, do not Disclose. Hundreds of thousands of hits daily where I found it. This could cause mayhem. I think it's better to make some noise about...

Meet "Red Dot exploit toolkit"

Red Dot Login Screen (for thumbnail). Advertised since Dec 21, 2012 on underground forum by user reddot. Here is the text of the advert: Functionality. [*]...

New bullets (CVE-2012-0775 - CVE-2012-1889 - CVE-2012-1876(?) - CVE-2012-4792...

Once again guys behind the Cool EK are using (or trying to use) bullets never seen before in blind mass attack. The brand new one is (snipshot from Mitre.org) CVE-2012-0775: "The JavaScript...

Briefly wave WhiteHole Exploit Kit hello...

WhiteHole... After Nice Pack, Cool EK, Blackhole, Red Dot, Sweet Orange... Anyone, show me where is the Exploit Kit name generator (WhiteRabbit would have been a better name, no?) I spotted it for the...

Inside Multi-Botnet ver.4 c&c Panel

I wrote 2 months ago about Multi Locker being updated to ver.3 (stably recognized by Microsoft as: Tobfy.H), made a brief history and showed inside view. Since then the code of the locker and the...

Cbeplay.P targets US and AT, now talks to UK Citizens

The second group (after Reveton distributors) to have subscribed for Cool EK is pushing a ransomware that I refer to (using name attached to it by Microsoft) as CBeplay.P. There are some moves lately but I...

Urausy: Colorful design refresh (+HR) & EC3 Logo

One of the images in Urausy Design. First spotted by Tachion (VT Profile) from Safegroup.pl and soon after seen by Malekal (VT Profile), Urausy is now showing its new clothes. New (to me) targeted...

Reveton: Winter Collection II - Design refresh, ICE and EC3 logo

One week ago Urausy refreshed their design. So is doing Reveton team with lighter ones. (I will refer to these designs as Winter Collection II.) Reveton Winter Collection II in one Image (too small ? -...

CVE-2013-0431 (java 1.7 update 11) emerging in Exploit Kits

Soon after Oracle released Java 7 Update 11,  fixing exploit widely used (CVE-2013-0422), Adam Gowdiak warned on Full Disclosure about successful security sandbox bypass via a bug in...

CBeplay.P : Now target Australia and moved to server side localization

The VMaware CBeplay.P is moving (to learn about the past look here). CBeplay is stealing/borrowing design from Urausy (AU - ES - NL) - It's not talking anymore to UK Citizen - The design is not embedded...
