About the new Java 0-day vulnerability (CVE-2013-0422)

A couple of hours ago @Kafeine discovered a new Java 0-day exploit in the wild.


This exploit is served by most exploit kits, such as Blackhole, Cool Exploit Kit and Nuclear Pack. When the malicious applet is executed, it downloads and executes a copy of Zeus.



A curious thing is that Zbot comes with a self-signed digital certificate.


But the detection rate is quite good, at 12/46 (link).

The jar file has been dropped by Blackhole, so it's heavily obfuscated by some commercial obfuscator and is detected by 5/46 (link).


You can find both files here. (password is: malware)

If you want to read more, take a look at Kafeine's blog post.

-- Update

Working PoC here.

Quick video to show you this PoC against Avira Free Antivirus.
