ID: IRCNE2013041807
Date: 2013-04-07
According to “ITPro”, Malwarebytes security researchers claim to have discovered a new type of Java exploit kit that delivers two pieces of malware in one attack – a move they have dubbed “the split”.
The Redkit exploit kit, which exploits Java vulnerabilities, was first detected in the wild in 2012.
Anti-virus vendor McAfee said in January that Redkit was increasing in popularity and prevalence, but Malwarebytes now claims this is the first time Redkit or any other exploit kit has been seen delivering two pieces of malicious code at once.
Jerome Segura, senior security researcher at Malwarebytes, who explains in an upcoming blog post how the ‘split’ Redkit exploit kit was discovered, told IT Pro this technique is likely to become more popular.
“Since I started detecting this trick, I am seeing it a lot more within packet captures. For now it is still only part of the Redkit exploit kit, but it is just a matter of time before someone else copies it,” Segura said.
Segura also explained that while in theory this type of ‘split’ exploit kit could contain any number of malware files, there is a limit to how many can be wrapped together before it starts to cause problems for the kit itself.
“We can expect several different malware samples within the payload, but there is a critical mass. Too many samples could start conflicting with one another and also attract attention,” he claimed.