M86 Security Finds New Exploit Toolkit
Security researchers from M86 Security a security company warn that there's a fresh Exploit Toolkit, which they've detected and named Zombie Infection Toolkit. The detection apparently occurred when the company was examining an active drive-by download assault.
State the researchers that the use of the toolkit isn't so much as compared to Phoenix and Eleonore the more widely used toolkits as well as that it isn't as advanced as these other toolkits. But it indeed has all the common attack codes, which have been successfully employed while using a lot of other attack kits.
Moreover, Zombie exploits a known security flaw within IE 6 together with the latest flaw in Windows help center. The kit also abuses exploits attacking a pair of Java flaws, 2 flaws within Adobe Flash and 4 flaws within Adobe PDF Readers.
Significantly, according to M86, if exploitation is successful then malware can be loaded onto the victim's computer something that the user can realize too.
It further states that in light of the Zombie Infection Toolkit achieving a broad infection rate of 15.39%, it becomes quite evident that 9% of website visitors who ended up finding the contaminated web-pages actually lost control to Java exploits.
Remarking about this, the researchers at M86 stated that web-attackers were finding Java exploits more-and-more useful, since a lot of users weren't even aware that Java was being loaded onto their computer systems, alternatively that they required to be made up-to-date. Softpedia.com published this on October 19, 2010.
Remarking about the Java flaw, Director of security response team Marc Fossi at Symantec stated that attackers were cognizant that they could build exploits targeting Java. ComputerWorld.com published this on October 18, 2010. Fossi said that as Java was both cross-platform and cross-browser, web-attackers could find it favorable.
However, the new toolkit's attacks could be avoided if users removed Java when not in use on their PCs, alternatively uninstalled previous versions and installed the most recent version, as that'd save their PCs from possible malware infection. Additionally, users needed to learn certain ways with which they could keep their computers malware-free, the security researchers advised.
» SPAMfighter News - 27-10-2010