IT World Canada

IT admins, users warned against Whitehole exploit kit

Security technicians at antivirus firm Trend Micro are warning IT security administrators and users to be on the lookout for an emerging exploit kit named Whitehole, which can evade antimalware detection and the blocking mechanisms of browsers.

In an official Trend Micro blog this week, the company said Whitehole is still in “test release” but its creators are already selling the exploit kit for prices ranging from $200 to $1,800 in the cybercrime community.

Trend Micro said Whitehole is being used to distribute a variant of the ZeroAccess (or Sirefef) rootkit, which is designed to install additional malware on vulnerable machines. It can download up to 20 malicious files at once, according to Trend Micro. Whitehole can evade detection by antivirus software and is able to prevent Google Safe Browsing from detecting and blocking it.

Whitehole uses code similar to that of the more popular Blackhole exploit kit, which has become a favourite with attackers targeting unpatched holes in Java. However, unlike Blackhole, which uses JavaScript to mask its activity, Whitehole does not obfuscate its use of plugindetect.js, said Trend Micro.

Whitehole contains exploits for the following Java vulnerabilities: CVE-2011-3544, CVE-2012-1723, CVE-2012-4681, CVE-2012-5076, and CVE-2013-0422.

Last month, Oracle Corp. issued an emergency release, Java 7 Update 11, to patch CVE-2013-0422 and stop a zero-day exploit. However, researchers from the Polish firm Security Exploit said the patch failed to plug new vulnerabilities which allow hackers to execute arbitrary code on computers.

Prior to that, the United States Department of Homeland Security had issued a warning to computer users to disable their Java plug-ins due to a major vulnerability.
