Lifting the lid on the Redkit exploit kit (Part 1)
Lifting the lid on the Redkit exploit kit (Part 1) | |
---|---|
Botnet | |
Malware | |
Botnet/malware group | |
Exploit kits | RedKit |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2013 / 2013-05-03 |
Editor/Conference | Sophos Labs |
Link | http://nakedsecurity.sophos.com/2013/05/03/lifting-the-lid-on-the-redkit-exploit-kit-part-1/ (Archive copy) |
Author | Fraser Howard |
Type | Blogpost |
Abstract
“RedKit is one of the lesser known exploit kits that is currently being used to distribute malware.
Though not as widely talked about as Blackhole, RedKit has gained some press recently, having been involved in the NBC site hack and the spam campaigns that followed the Boston bombings.
In the first of this two-part series, I will give an overview of the exploit kit: how it operates and where it is being hosted.
Part Two will take a deeper look into the malicious code being used in order to uncover some of the functionality it provides to the attackers.
To start with, let's take a look at how RedKit operates.”
Bibtex
@misc{2013BFR1326,
  editor = {Sophos Labs},
  author = {Fraser Howard},
  title = {Lifting the lid on the Redkit exploit kit (Part 1)},
  date = {03},
  month = May,
  year = {2013},
  howpublished = {\url{http://nakedsecurity.sophos.com/2013/05/03/lifting-the-lid-on-the-redkit-exploit-kit-part-1/}},
}