2012-11-17 - Exploit Integration

CVE-2012-5076 - Massively adopted - Blackhole update to 2.0.1

CVE-2012-5076 is being adopted massively and quickly.
We can see the same kind of spreading as for CVE-2012-4681 at the end of August 12.

As expected, Paunch announced the integration of the new exploit in his Blackhole, with the version going to 2.0.1.

Paunch announcement
He wrote CVE-2012-5067... but it's the same exploit as on Cool EK, so: CVE-2012-5076

CVE-2012-5076 on BH EK 2.0 landing found on MDL

spn.jar from Blackhole Exploit Kit

Files (NB: there is one global zip at the end):


Sweet Orange integrated it too:

CVE-2012-5076 in SWT
CVE-2012-5076 in the jar file from SWT

(by the way, confirmation of CVE-2011-3544 in SWT: http://dl.dropbox.com/u/106864056/SweetOrange_CVE-2011-3544.zip )

CVE-2012-5076 integrated to Sakura EP
CVE-2012-5076  in a jar file from Sakura EK
Files :

Announcement of the update (for timestamp... oops... yep, feeling guilty...)
CVE-2012-5076 positive path on Nuclear Pack
CVE-2012-5076 in Nuclear Pack jar file

"sibhost" (I have chosen to stick to this name for the moment)
(exploit kit mostly spreading Urausy for months, after having pushed Reveton in June).

What do you call this? Does anyone know the real name?

Login screen of "sibhost"

Thanks (!) Malekal for the live URL

"sibhost" spreading Urausy - Payload now included in the jar
CVE-2012-5076 in "sibhost" jar file

All Files :
http://goo.gl/cQ2oP (Mega)

It does not seem to be incorporated in Nice Pack and CritXPack.
Didn't find SofosFO live (Emerging Threats name) but have been told (thanks C.) that it's CVE-2012-5076 positive.

<edit1: 21/11/12>

CVE-2012-5076 path on Redkit
Redkit jar file showing the CVE-2012-5076 implementation

Read more:
A technical analysis on new Java vulnerability (CVE-2012-5076) - 15-11-2012 - Jeong Wook (Matt) Oh - MMPC