New Whitehole exploit toolkit emerges on the underground market

For now the toolkit only targets Java vulnerabilities, researchers say

A new exploit kit called Whitehole has emerged on the underground market, providing cybercriminals with one more tool to infect computers with malware over the Web, security researchers from antivirus vendor Trend Micro reported Wednesday.

Exploit kits are malicious Web-based applications designed to install malware on computers by exploiting vulnerabilities in outdated browser plug-ins like Java, Adobe Reader or Flash Player.

Attacks that use such toolkits are called drive-by downloads and they don't require any user interaction, making them one of the most efficient ways to distribute malware. Users generally get redirected to drive-by download attack pages when visiting compromised websites.

Whitehole uses similar code to Blackhole, one of the most popular exploit toolkits used today, but does have some particular differences, the Trend Micro security researchers said in a blog post.

For one, Whitehole only contains exploits for known Java vulnerabilities, namely: CVE-2011-3544, CVE-2012-1723, CVE-2012-4681, CVE-2012-5076 and CVE-2013-0422.

The most recent of these vulnerabilities, CVE-2013-0422, was patched by Oracle in Java 7 Update 11, which was released as an emergency update on Jan. 13 in response to drive-by download attacks that were already exploiting the flaw. The first CVE-2013-0422 exploit was found in Cool Exploit Kit, a high-end version of Blackhole, but the exploit was later added to Blackhole as well.

Other notable Whitehole features include the ability to evade antivirus detection, prevent Google Safe Browsing from detecting and blocking it, and load up to 20 malicious files at once, the Trend Micro researcher said.

Whitehole is still under development and currently operates as a test release. However, its creators are already renting its usage to other criminals for prices between US$200 and $1,800, depending on their traffic volume.

According to the Trend Micro researchers, Whitehole is being used to distribute a variant of a rootkit called ZeroAccess (or Sirefef) whose purpose is to install additional malware.

"Given Whiteholes current state, we may be seeing more noteworthy changes to the exploit kit these coming months. Thus, we are continuously monitoring this threat for any developments," the researchers said.

Security experts are regularly advising users to keep their software and browser plug-ins up to date in order to protect their computers from drive-by download attacks. However, in some cases, attackers use exploits for vulnerabilities that haven't been patched -- zero-day exploits. To prevent such attacks, it's better to completely disable browser plug-ins that are not frequently used and to enable click-to-play for plug-in based content in browsers that support the feature like Mozilla Firefox, Google Chrome and Opera.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags malwareonline safetytrend microExploits / vulnerabilities

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Lucian Constantin

Lucian Constantin

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers

MSI P65

This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang

MSI GT76

It really doesn’t get more “gaming laptop” than this.

Jack Jeffries

MSI GS75

As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr

MSI PS63

The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?