Thursday, January 10, 2013

About the new Java 0-day vulnerability (CVE-2013-0422)

A couple of hours ago @Kafeine discovered a new Java 0-day exploit in the wild.


This exploit is served by most exploit kits, like Blackhole, Cool Exploit Kit and Nuclear Pack. When the malicious applet is executed, it downloads and executes a copy of Zeus.



A curious thing is that Zbot comes with a self-signed digital certificate.


But the detection rate is quite good, at 12/46 (link).

The jar file was dropped by Blackhole, so it is heavily obfuscated with a commercial obfuscator and is detected by 5/46 (link).


You can find both files here. (password is: malware)

If you want to read more, take a look at Kafeine's blog post.

-- Update

Working PoC here.

Quick video to show you this PoC against Avira Free Antivirus
