NEWS FROM THE LAB - Monday, April 2, 2012

Blackhole's Lesser Known Exploit
Posted by ThreatInsight @ 14:07 GMT

Although Blackhole has been investigated and dissected multiple times, some surprises still emerge. One thing we just discovered is an exploit for CVE-2011-0559, which is one of the two Flash exploits currently being used by Blackhole.

[Image: Flash code]

Compared to other exploits, this one has been used by Blackhole for quite some time, and yet its detection coverage across different security products is very low.

[Image: VirusTotal results]

Very low antivirus coverage, the lack of a Metasploit module, and PoCs that are extremely difficult to find together increase the chances of exploitation. Blackhole targets Adobe Flash 10.0 and earlier versions, 10.1, and 10.0.x (where x is later than 40). The vulnerability has been patched since March 2011. Detection has been added to F-Secure Anti-Virus as Exploit:W32/CVE-2011-0559.A.

Blackhole never ceases to surprise.


Threat Insight Post by Karmina and Timo