Thursday, January 10, 2013

About the new Java 0-day vulnerability (CVE-2013-0422)

A couple of hours ago @Kafeine discovered a new Java 0-day exploit in the wild.


This exploit is served by most exploit kits, such as Blackhole, Cool exploit kit and Nuclear pack. When the malicious applet is executed, it downloads and executes a copy of Zeus.



A curious thing is that Zbot comes with a self-signed digital certificate.


But the detection rate is quite good, with 12/46 (link).

The jar file was dropped by Blackhole, so it is heavily obfuscated by some commercial obfuscator, and it is detected by 5/46 (link).


You can find both files here. (password is: malware)

If you want to read more, take a look at Kafeine's blog post.

-- Update

Working PoC here.

Quick video to show you this PoC against Avira Free antivirus
