IT admins, users warned against Whitehole exploit kit

Security technicians at antivirus firm Trend Micro are warning IT security administrators and users to be on the lookout for an emerging exploit kit named Whitehole which can evade antimalware detection and blocking mechanisms of browsers.

In an official Trend Micro blog post this week, the company said Whitehole is still in “test release” but its creators are already selling the exploit kit for prices ranging from $200 to $1,800 in the cybercrime community.

Trend Micro said Whitehole is being used to distribute a variant of the ZeroAccess (or Sirefef) rootkit which is designed to install additional malware on vulnerable machines. It can download up to 20 malicious files at once, according to Trend Micro. Whitehole can evade detection by antivirus software and is able to prevent Google Safe Browsing from detecting and blocking it.

Whitehole uses code similar to that of the more popular Blackhole exploit kit, which has become a favourite with attackers targeting unpatched holes in Java. However, unlike Blackhole, which uses JavaScript to mask its activity, Whitehole does not obfuscate its use of plugindetect.js, said Trend Micro.

Whitehole contains exploits for the following Java vulnerabilities: CVE-2011-3544, CVE-2012-1723, CVE-2012-4681, CVE-2012-5076, and CVE-2013-0422.

Last month, Oracle Corp. issued an emergency release in Java 7 Update 11 to patch CVE-2013-0422 to stop a zero-day exploit. However, researchers from the Polish firm Security Exploit said the patch failed to plug new vulnerabilities which allow hackers to execute arbitrary code on computers.

Prior to that, the United States Department of Homeland Security had issued a warning to computer users to disable their Java plug-ins due to a major vulnerability.
