Russian malware scum post new rent-an-exploit
Unpatched browser, plug-in bugs targeted by and with 'Disdain' kit
WebEx on Firefox is among the targets of a new exploit kit that's started circulating on Russian nastyware exchanges.
The Disdain-based exploit kit is described by security services outfit IntSights, which says the exploit kit is offered by someone using the handle "Cehceny".
David Montenegro (@CryptoInsane) says Disdain is a copy-paste of the open source BEPS exploit kit.
> This is a Copy && Paste of BEPS Exploit Kit( Open Source ) .. 🤔🤔 pic.twitter.com/ROWd3YH5Tf
>
> — David Montenegro (@CryptoInsane) August 9, 2017
IntSights says the kit includes:
- A domain rotator, to make the C&C harder to block;
- Support for exploits to exchange RSA keys;
- The C&C's panel server can't be traced from the payload server; and
- IP geolocation, browser and IP tracking, and domain scanning.
Disdain is rented on a daily, weekly, or monthly basis at US$80, $500, and $1,400 respectively. Victims who hit the exploit are scanned, and the kit tries to attack a number of known vulnerabilities dating from 2013 to this year.
That's where the Cisco WebEx plug-in comes in: CVE-2017-3823, which landed in January this year, is an API error that exposes an unpatched user to remote code execution.
The other 14 CVEs the kit tests for are browser bugs (Internet Explorer, Firefox and Edge) and three Flash bugs. They are listed below.
CVE | Target |
---|---|
CVE-2017-5375 | Firefox |
CVE-2017-0037 | Internet Explorer |
CVE-2016-9078 | Firefox |
CVE-2016-7200 | Edge and Internet Explorer |
CVE-2016-4117 | Flash |
CVE-2016-1019 | Flash |
CVE-2016-0189 | Internet Explorer |
CVE-2015-5119 | Flash |
CVE-2015-2419 | Internet Explorer |
CVE-2014-8636 | Firefox |
CVE-2014-6332 | Internet Explorer |
CVE-2014-1510 | Firefox |
CVE-2013-2551 | Internet Explorer |
CVE-2013-1710 | Firefox |
All vectors have patches available. ®