New Whitehole exploit toolkit emerges on the underground market

For now the toolkit only targets Java vulnerabilities, researchers say

A new exploit kit called Whitehole has emerged on the underground market, providing cybercriminals with one more tool to infect computers with malware over the Web, security researchers from antivirus vendor Trend Micro reported Wednesday.

Exploit kits are malicious Web-based applications designed to install malware on computers by exploiting vulnerabilities in outdated browser plug-ins like Java, Adobe Reader or Flash Player.

Attacks that use such toolkits are called drive-by downloads and they don't require any user interaction, making them one of the most efficient ways to distribute malware. Users generally get redirected to drive-by download attack pages when visiting compromised websites.

Whitehole uses similar code to Blackhole, one of the most popular exploit toolkits used today, but does have some particular differences, the Trend Micro security researchers said in a blog post.

For one, Whitehole only contains exploits for known Java vulnerabilities, namely: CVE-2011-3544, CVE-2012-1723, CVE-2012-4681, CVE-2012-5076 and CVE-2013-0422.

The most recent of these vulnerabilities, CVE-2013-0422, was patched by Oracle in Java 7 Update 11, which was released as an emergency update on Jan. 13 in response to drive-by download attacks that were already exploiting the flaw. The first CVE-2013-0422 exploit was found in Cool Exploit Kit, a high-end version of Blackhole, but the exploit was later added to Blackhole as well.

Other notable Whitehole features include the ability to evade antivirus detection, prevent Google Safe Browsing from detecting and blocking it, and load up to 20 malicious files at once, the Trend Micro researcher said.

Whitehole is still under development and currently operates as a test release. However, its creators are already renting its usage to other criminals for prices between US$200 and $1,800, depending on their traffic volume.

According to the Trend Micro researchers, Whitehole is being used to distribute a variant of a rootkit called ZeroAccess (or Sirefef) whose purpose is to install additional malware.

"Given Whitehole's current state, we may be seeing more noteworthy changes to the exploit kit these coming months. Thus, we are continuously monitoring this threat for any developments," the researchers said.

Security experts regularly advise users to keep their software and browser plug-ins up to date in order to protect their computers from drive-by download attacks. However, in some cases, attackers use exploits for vulnerabilities that haven't been patched -- zero-day exploits. To prevent such attacks, it's better to completely disable browser plug-ins that are not frequently used and to enable click-to-play for plug-in based content in browsers that support the feature, such as Mozilla Firefox, Google Chrome and Opera.


Lucian Constantin

IDG News Service