Lifting the lid on the Redkit exploit kit (Part 1)

Discussion in 'malware problems & news' started by TheKid7, May 6, 2013.

Thread Status:
Not open for further replies.
  1. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    Lifting the lid on the Redkit exploit kit

    Lifting the lid on the Redkit exploit kit (Part 1):
    http://nakedsecurity.sophos.com/2013/05/03/lifting-the-lid-on-the-redkit-exploit-kit-part-1/
     
    Last edited: May 9, 2013
  2. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    A closer look at the malicious Redkit exploit kit:
    http://nakedsecurity.sophos.com/2013/05/09/redkit-exploit-kit-part-2/
     
  3. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Whew! All of that obfuscation just to sneak in a payload! Quite interesting.

    Obfuscation (causing confusion, making obscure) goes back quite a few years. All that has changed are the different methods of working with the variables and functions.

    From 6 years ago:

    Raising the bar: dynamic JavaScript obfuscation
    2007-08-02
    http://isc.sans.org/diary.html?storyid=3219
As far as its use in Exploit Kits, such as Redkit, its purpose is to download a binary executable (.exe in this article's example) and the comments at the end of the article point out that existing solutions effectively block these payloads:

    ----
    rich
     