2012-04-05 - Evolution

CVE-2012-0507 on Windows XP

Blackhole Exploit Kit got an update on March 25th. 1.2.2 -> 1.2.3
As Paunch 's announcement could portend
Paunch's post on Exploit.in

Original Post :

Торопимся за 1.2.3 версией
добавлен новый Java exploit бьющий до версии включительно и задевающий 1.7 ветку
обновление как всегда бесплатное для моих клиентов и арендаторов (арендаторам стучать не нужно все и так будет обновлено)
-- Google Translate--
Hurry for the 1.2.3 version
added a new Java exploit the striker to inclusive version 1.7 branch, and grazing
update as always free for my clients and tenants (tenants do not have to knock everything and it will be updated)

The CVE-2012-0507 is now widely exploited. Here in action. Sample deployed is Reveton

The data/Pol.jar seems to be almost daily updated. Somes of hashes seen previous days.
In 1.2.2 it seems the "convertion rate" was decreasing slowly to something like 8% (this is always not good to put a % as it mainly depend on the "user stream". Have seen for instance Canada campain with 5% and Spain with 30% (!) )
Now it look like it is not far an average of 12% (please don't take these numbers for granted)
--Edit : as I wanted to give correct number have made some checks. In fact it seems we are now only 2-5% more than before the update. The days following the update there was a huge increase of the conversion rate but it has calmed down --