A peek inside a CVE-2013-0422 exploiting DIY malicious Java applet generating tool

By Dancho Danchev

On a regular basis we profile various DIY (do it yourself) releases offered for sale on the underground marketplace with the idea to highlight the re-emergence of this concept which allows virtually anyone obtaining the leaked tools, or purchasing them, to launch targeted malware attacks.

Can DIY exploit generating tools be considered as a threat to the market domination of Web malware exploitation kits? What’s the driving force behind their popularity? Let’s find out by profiling a tool that’s successfully generating an exploit (CVE-2013-0422) embedded Web page, relying on malicious Java applets.

More details:

Sample screenshot of the DIY exploit generating tool:


Second screenshot of the DIY exploit generating tools in action:


To use it, a cybercriminal submits a URL and the tool will embeds the exploit based on their preferences. The Web page then functions as a foundation for a successful social engineering attempt. The options provide the ability to choose a URL pointing to a malicious executable, define what happens once the exploitation takes place, and the name of the malicious Java applet.

DIY client-side exploits embedding tools aren’t new however; despite their popularity, they fail to achieve the efficiency levels offered by modern and systematically updated Web malware exploitation kits. What they make fairly easy to accomplish is to empower a potential cybercriminal with an extremely easy to use point’n’click tool, to assist them in targeted malware campaigns.

We’ll continue to monitor the re-emergence of the DIY cybercrime ecosystem market concept, and post updates as soon as new tools and services become available for cybercriminals to take advantage of.

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on Twitter.

Join the Conversation

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s