Spreadsheet that lists which exploits each exploit kit uses

Discussion in 'malware problems & news' started by MrBrian, Jan 16, 2014.

Thread Status:
Not open for further replies.
  1. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    See "Most popular exploits" section at Secure Windows XP after updates end.
     
  2. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    From paper "A Case Study of Intelligence-Driven Defense" (2011) (direct link: hxxp://www.trailofbits.com/resources/exploit_intelligence_project_paper.pdf ):
     
  3. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    It's quite revealing to see that CVE-2006-0003 -- the IE6 MS06-014 exploit -- is still being used in *12* of the exploit kits!

    So, why would an 8-year old exploit, long since patched, still be lucrative??! It's one of the really clever exploits, IMO.


    ----
    rich
     
  4. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    If you look at only the newest versions of the exploit kits though (yellow-ish columns), notice that only one contains that exploit. The newest versions of the exploit kits contain mostly exploits from the last several years.
     
  5. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    That is true, but the older versions still exist. I found one recently. Unfortunately, I no longer have a version of IE that would let it run.

    Eventually, of course, that exploit will be regulated to the dust bin of history. May it rest in (deserved) peace. It served it's users well!


    ----
    rich
     
  6. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  7. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  8. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    From hxxp://www.solutionary.com/research/security-intelligence/ :
     
  9. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,071
    Location:
    Germany
    Just in case, you can make links unclickable without the hxxp method, just by putting a "-" in front of them. It's easier to copy and paste them in that case.

    -http://www.solutionary.com/research/security-intelligence/
     
  10. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Why make a link unclickable? If there is something dangerous about it, then it shouldn't be posted in the first place.
    I usually pass on them because

    1) I'm too lazy to copy|paste

    2) I figure there is something undesirable about the link.


    ----
    rich
     
  11. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,985
    Location:
    Canada

    Good question and one you asked me a long time ago :) I only started making them unclickable a long time back because I noticed so many others doing the same, figuring it must be forum policy. Well, I can't find that policy anywhere in the TOS. So, why are we doing this?
     
  12. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    If Web of Trust extension shows a site as green status, I usually give a clickable link, unless it's a direct link to a file. If Web of Trust extension shows a site as unrated, I usually give an unclickable link. (I know Web of Trust isn't perfect.) I use Adblock Plus, so I wouldn't know if a site contains inappropriate ads.
     
    Last edited: Jan 19, 2014
  13. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Thanks for the tip :). I'm not sure I'd use that though, because there are browser extensions that automatically might convert such back into a clickable link.
     
Loading...
Thread Status:
Not open for further replies.