Whitehole exploit kit in the spotlight
The effectiveness of exploit kits has made them malware peddlers’ preferred way of distributing their malicious wares. The Blackhole exploit kit is, by far, the most most used one, and has pretty much cornered the market at the moment, but there are other kits out there looking to challenge its supremacy.
Among them is a new exploit kit that has been dubbed “Whitehole” by researchers for the simple reason of differentiating it from Blackhole.
Whitehole employs exploits for five Java Runtime Environment vulnerabilities, and among them is also the recently patched zero-day (CVE-2013-0422) that has ben wreaking havoc last month, and exploits for which have been added both to the Blackhole and Cool exploit kit.
“Whitehole Exploit Kit is purportedly under development and runs in ‘test-release’ mode,” shared Trend Micro threat response engineer Jonh Chua. “However, the people behind this kit are already peddling the kit and even command a fee ranging from USD 200 to USD 1800.”
The ability to evade antimalware detections, to prevent Google Safe Browsing from blocking it, and to load as much as 20 files at once will likely make it easy for Whitehole to secure a considerable slice of the market for itself. The smaller price when compared to Blackhole is also worth mentioning.
The kit is currently employed in several campaigns to deliver the ZeroAccess backdoor and downloader Trojan and ransomware.