Blackhole, CVE-2012-0507 and Carberp

From Botnets.fr
Jump to navigation Jump to search

(Publication) Link to the old Wiki page : [1] / Google search: [2]

Blackhole, CVE-2012-0507 and Carberp
Botnet Carberp
Malware
Botnet/malware group
Exploit kits Blackhole
Services
Feature
Distribution vector
Target
Origin
Campaign
Operation/Working group
Vulnerability
CCProtocol
Date 2012 / 30 mars 2012
Editor/Conference ESET
Link http://blog.eset.com/2012/03/30/blackhole-cve-2012-0507-and-carberp blog.eset.com (blog.eset.com Archive copy)
Author David Harley, Aleksandr Matrosov
Type

Abstract

This week Blackhole has been updated to version 1.2.3 and includes a new exploit for the Java CVE-2012-0507 vulnerability, which ESET calls Java/Exploit.CVE-2012-0507. Earlier this week information was published about the Blackhole update by French malware researcher Xylitol and last week Microsoft shared information about an interesting way of breaching the JRE (Java Runtime Environment) sandbox.

The first information about a working exploit for CVE-2012-0507 was released by the company Immunity with reference to the 7.03.2012 product update of Immunity CANVAS Modules. The first In-the-Wild detections were recognized during the week beginning on March 12, 2012. The CVE-2012-0507 vulnerability was remediated on February 15 as part of a critical patch update advisory. Today a public module for Metasploit Framework was released, working on a range of platforms: Windows, Linux, Solaris and OSX. The Metasploit module for exploitation of CVE-2012-0507 looks the same as the exploit version seen in the updated Blackhole version.

Bibtex

 @misc{Harley2012BFR966,
   editor = {ESET},
   author = {David Harley, Aleksandr Matrosov},
   title = {Blackhole, CVE-2012-0507 and Carberp},
   date = {31},
   month = Mar,
   year = {2012},
   howpublished = {\url{http://blog.eset.com/2012/03/30/blackhole-cve-2012-0507-and-carberp blog.eset.com}},
 }