
Showing posts from January, 2013

About the new Java 0-day vulnerability (CVE-2013-0422)

A couple of hours ago @Kafeine discovered a new Java 0-day exploit in the wild. This exploit is served by most exploit kits, like Blackhole, Cool exploit kit and Nuclear pack. When the malicious applet is executed, it downloads and executes a copy of Zeus. A curious thing is that Zbot comes with a self-signed digital certificate. But the detection rate is quite good, with 12/46 (link). The jar file has been dropped by Blackhole, so it's heavily obfuscated by some commercial obfuscator and is detected by 5/46 (link). You can find both files here (password is: malware). If you want to read more, take a look at Kafeine's blog post.

-- Update

Working PoC here. Quick video to show you this PoC against Avira Free antivirus