Blackhole, CVE-2012-0507 and Carberp
Blackhole, CVE-2012-0507 and Carberp | |
---|---|
Botnet | Carberp |
Exploit kits | Blackhole |
Date | 2012 / 30 March 2012 |
Editor/Conference | ESET |
Link | http://blog.eset.com/2012/03/30/blackhole-cve-2012-0507-and-carberp |
Author | David Harley, Aleksandr Matrosov |
Abstract
“This week Blackhole has been updated to version 1.2.3 and includes a new exploit for the Java CVE-2012-0507 vulnerability, which ESET calls Java/Exploit.CVE-2012-0507. Earlier this week information was published about the Blackhole update by French malware researcher Xylitol and last week Microsoft shared information about an interesting way of breaching the JRE (Java Runtime Environment) sandbox.
The first information about a working exploit for CVE-2012-0507 was released by the company Immunity with reference to the 7.03.2012 product update of Immunity CANVAS Modules. The first In-the-Wild detections were recognized during the week beginning on March 12, 2012. The CVE-2012-0507 vulnerability was remediated on February 15 as part of a critical patch update advisory. Today a public module for Metasploit Framework was released, working on a range of platforms: Windows, Linux, Solaris and OSX. The Metasploit module for exploitation of CVE-2012-0507 looks the same as the exploit version seen in the updated Blackhole version.”
Bibtex
@misc{2012BFR966,
  editor = {ESET},
  author = {David Harley, Aleksandr Matrosov},
  title = {Blackhole, CVE-2012-0507 and Carberp},
  date = {31},
  month = Mar,
  year = {2012},
  howpublished = {\url{http://blog.eset.com/2012/03/30/blackhole-cve-2012-0507-and-carberp}},
}