Anti-Malware Laboratory

Yet Another Malware Blog
Monday, March 5, 2012

CrimePack exploit kit

Posted on Monday, March 05, 2012 by Red Horse | No comments
Originally posted by kazmot.

CrimePack is like any other exploit kit: it bundles exploit code for vulnerabilities in the operating system and in commonly installed applications, and in most cases the exploit payload downloads and executes an arbitrary file on the victim's machine. From one of the malicious links listed on malwaredomainlist.com we were able to download a Dorkbot worm (MD5 hash: 9210a2635c63a58af18ed5dffb8f01e8; VirusTotal scan result available here).

This particular exploit kit has been around for several years: version 2.0 appeared in the first quarter of 2010, and the latest version as of this writing is 3.1.3. Some of its features are the following:

  1. Undetected by AV scanners (JavaScript and PDF/JAR/JPG files)
  2. Random PDF obfuscation (no static PDF file, unlike other packs)
  3. Blacklist checker and AutoChecker
  4. Prevents Wepawet, Jsunpack and other JavaScript unpackers from decoding the landing page
  5. Automatically checks (can be turned off) the kit's domain against blacklists and malware lists and notifies the operator if it is found. It checks the following:
    • Norton SafeWeb
    • My WebOfTrust
    • Malc0de
    • Google Safe Browsing
    • Malwaredomainlist
    • Mcafee SiteAdvisor
    • hpHosts
    • Malwareurl

Below is a running list of vulnerabilities that have been used by the CrimePack exploit kit:

  • CVE-2010-1885 - HCP
  • CVE-2010-1423 - JRE 'WebStart' RCE
  • CVE-2010-0840 - Java getValue Remote Code Execution
  • CVE-2010-0806 - IE iepeers vulnerability (IE7 Uninitialized Memory Corruption / IEPeers Remote Code Execution)
  • CVE-2009-3269 - Opera TN3270
  • CVE-2009-1136 - OWC Spreadsheet Memory Corruption
  • CVE-2009-0927 - Adobe Reader Collab getIcon
  • CVE-2009-0355 - Firefox 3.5/1.4/1.5 exploits
  • CVE-2008-5353 - Java Deserialize
  • CVE-2008-4844 - Internet Explorer 7 XML Exploit
  • CVE-2008-2992 - Adobe Reader util.printf
  • CVE-2007-5755 - AOL Radio AmpX Buffer Overflow
  • CVE-2007-5659 - Adobe Reader CollectEmailInfo
  • CVE-2006-0003 - MDAC (IE6 COM CreateObject Code Execution)
  • Aggressive Mode - not a CVE but a Java applet that downloads and executes the operator's exe; the feature can be turned on and off in the admin panel

Sources:

  • websense
  • offensivecomputing
  • malwaredomainlist