Difference between revisions of "Lifting the lid on the Redkit exploit kit (Part 1)"
m (Text replacement - " nakedsecurity.sophos.com" to "") |
|||
(2 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
{{Publication | {{Publication | ||
|Type=Blogpost | |Type=Blogpost | ||
|Link=http://nakedsecurity.sophos.com/2013/05/03/lifting-the-lid-on-the-redkit-exploit-kit-part-1/ | |Link=http://nakedsecurity.sophos.com/2013/05/03/lifting-the-lid-on-the-redkit-exploit-kit-part-1/ | ||
|Author=Fraser Howard | |Author=Fraser Howard | ||
|NomRevue=Naked Security | |NomRevue=Naked Security | ||
Line 8: | Line 8: | ||
|Year=2013 | |Year=2013 | ||
|ExploitKit=RedKit | |ExploitKit=RedKit | ||
|Abstract= | |Abstract=RedKit is one of the lesser known exploit kits that is currently being used to distribute malware. | ||
Though not as widely talked about as Blackhole, | Though not as widely talked about as Blackhole, RedKit has gained some press recently, having been involved in the NBC site hack and the spam campaigns that followed the Boston bombings. | ||
In the first of this two-part series, I will give an overview of the exploit kit: how it operates and where it is being hosted. | In the first of this two-part series, I will give an overview of the exploit kit: how it operates and where it is being hosted. | ||
Line 16: | Line 16: | ||
Part Two will take a deeper look into the malicious code being used in order to uncover some of the functionality it provides to the attackers. | Part Two will take a deeper look into the malicious code being used in order to uncover some of the functionality it provides to the attackers. | ||
To start with, let's take a look at how | To start with, let's take a look at how RedKit operates. | ||
}} | }} |
Latest revision as of 22:48, 5 August 2015
Lifting the lid on the Redkit exploit kit (Part 1) | |
---|---|
Botnet | |
Malware | |
Botnet/malware group | |
Exploit kits | RedKit |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2013 / 2013-05-03 |
Editor/Conference | Sophos Labs |
Link | http://nakedsecurity.sophos.com/2013/05/03/lifting-the-lid-on-the-redkit-exploit-kit-part-1/ (Archive copy) |
Author | Fraser Howard |
Type | Blogpost |
Abstract
“RedKit is one of the lesser known exploit kits that is currently being used to distribute malware.
Though not as widely talked about as Blackhole, RedKit has gained some press recently, having been involved in the NBC site hack and the spam campaigns that followed the Boston bombings.
In the first of this two-part series, I will give an overview of the exploit kit: how it operates and where it is being hosted.
Part Two will take a deeper look into the malicious code being used in order to uncover some of the functionality it provides to the attackers.
To start with, let's take a look at how RedKit operates.”
Bibtex
@misc{2013BFR1326,
  editor = {Sophos Labs},
  author = {Fraser Howard},
  title = {Lifting the lid on the Redkit exploit kit (Part 1)},
  date = {03},
  month = May,
  year = {2013},
  howpublished = {\url{http://nakedsecurity.sophos.com/2013/05/03/lifting-the-lid-on-the-redkit-exploit-kit-part-1/}},
}