2012-04-05 - Evolution

CVE-2012-0507 on Windows XP

Blackhole Exploit Kit got an update on March 25th (1.2.2 -> 1.2.3), as Paunch's announcement could portend.
Paunch's post on Exploit.in

Original post (translated from Russian):

Hurrying out version 1.2.3
added a new Java exploit that hits versions up to and including 1.6.0.30 and also affects the 1.7 branch
the update is, as always, free for my clients and renters (renters don't need to contact me, everything will be updated anyway)

CVE-2012-0507 is now widely exploited. Here it is in action. The sample deployed is Reveton.


The data/Pol.jar seems to be updated almost daily. Some of the hashes seen in previous days:
8050b15a9d6a530bbadc564813bcb2eb
257c40b5da6546f8c613aa238570896f
f48070f2e18fbede54046dd844b6a35d
1556dab19be5cc3ced92a198562dd358
In 1.2.2 it seems the "conversion rate" was slowly decreasing to something like 8% (it is never good to give a %, as it mainly depends on the "user stream". I have seen, for instance, a Canada campaign with 5% and a Spain campaign with 30% (!) )
Now it looks like it is not far from an average of 12% (please don't take these numbers for granted)
--Edit: as I wanted to give correct numbers, I have made some checks. In fact it seems we are now only 2-5% more than before the update. In the days following the update there was a huge increase in the conversion rate, but it has calmed down --