New 'whitehole' malware exploit kit revealed

Even before the threat of malware from the Blackhole exploit kit could die down, a new exploit kit has emerged, a security vendor warned over the weekend.
Trend Micro said the new kit, which it dubbed Whitehole Exploit Kit, uses code similar to Blackhole's but does not bother to hide itself.
"Whitehole Exploit Kit is purportedly under development and runs in 'test-release' mode. However, the people behind this kit are already peddling the kit and even command a fee ranging from $200 to $1,800," it said.
Other notable features of this new toolkit include the ability to:
  • evade antimalware detections
  • prevent Google Safe Browsing from blocking it
  • load a maximum of 20 files at once.
Trend Micro said an analysis of sample exploit malware showed that the malware, detected as JAVA_EXPLOYT.NTW, exploits vulnerabilities to download malicious files onto a victim's computer.
It then downloads BKDR_ZACCESS.NTW and TROJ_RANSOM.NTW, Trend Micro said, noting that ZACCESS/SIREFEF variants are known bootkit malware that download other malware and push fake applications.
"This specific ZACCESS variant connects to certain websites to send and receive information as well as terminates certain processes. It also downloads additional malicious files onto already infected systems," Trend Micro said.
On the other hand, ransomware typically locks systems until users pay money via specific payment modes.
"Given Whitehole’s current state, we may be seeing more noteworthy changes to the exploit kit these coming months. Thus, we are continuously monitoring this threat for any developments," Trend Micro said. — TJD, GMA News