The Black Hole exploit kit is an unethical off-the-shelf Web application. The first version, v.1.0.0 beta, appeared on the black market and was advertised in August 2010 as a "System for network testing". As with most exploit kits, it is based on PHP with a MySQL backend. Its payload usually targets Windows operating systems and the applications installed on them, but the payload depends on the criminals' end goal.
The Black Hole exploit kit uses several protection mechanisms such as:
- Integrated antivirus check based on an API of AVCheck services popular with blackhats
- A database of blacklists, built from referrers and IP addresses (including ranges), to block access to the system
Below is a running list of vulnerabilities that have been used with the Black Hole exploit kit:
- CVE-2011-0611 - Adobe Flash Player Memory Corruption Vulnerability
- CVE-2010-1885 - HCP
- CVE-2010-1423 - Java argument injection vulnerability in the URI handler in Java NPAPI plugin
- CVE-2010-0886 - Java Unspecified vulnerability in the Java Deployment Toolkit component in Oracle Java SE
- CVE-2010-0842 - Java JRE MixerSequencer Invalid Array Index Remote Code Execution Vulnerability
- CVE-2010-0840 - Java Trusted Methods Chaining Remote Code Execution Vulnerability
- CVE-2009-1671 - Java buffer overflows in the Deployment Toolkit ActiveX control in deploytk.dll
- CVE-2009-0927 - Adobe Reader Collab GetIcon
- CVE-2008-2992 - Adobe Reader util.printf
- CVE-2007-5659 - Adobe Reader CollectEmailInfo
- CVE-2006-0003 - MDAC (IE6 COM CreateObject Code Execution)
Related topic:
Fake Intuit Quickbooks Page Leads to Black Hole Exploit
Sources:
Websense