2012-11-17 - Exploit Integration
CVE-2012-5076 - Massively adopted - Blackhole update to 2.0.1
CVE-2012-5076 is being adopted in a massive and fast way.
We can see the same kind of spreading as for CVE-2012-4681 at end of August 12.
---------------------------------------------------
As expected Paunch announced the integration of the new exploit in it's Blackhole with version going to 2.0.1
 |
| Paunch announcement |
 |
| CVE-2012-5076 on BH EK 2.0 landing found on MDL |
 |
| spn.jar from Blackhole Exploit Kit |
Files (NB: there is one global zip at the end):
http://dl.dropbox.com/u/106864056/BHEK_CVE-2012-5076.zip
----------------------------------------------------
Sweet Orange integrated it too :
 |
| CVE-2012-5076 in SWT |
 |
| CVE-2012-5076 in the jar file from SWT |
Files
http://dl.dropbox.com/u/106864056/SWT_CVE-2012-5076.zip
(by the way confirmation of CVE-2011-3544 in SWT : http://dl.dropbox.com/u/106864056/SweetOrange_CVE-2011-3544.zip )
----------------------------------------------------
 |
| CVE-2012-5076 integrated to Sakura EP |
 |
| CVE-2012-5076 in a jar file from Sakura EK |
http://dl.dropbox.com/u/106864056/Sakura_CVE-2012-5076.zip
----------------------------------------------------
Announced.
 |
| Announcement of the update (for timestamp...oups.........yep feeling guilty....) |
 |
| CVE-2012-5076 positive path on Nuclear Pack |
 |
| CVE-2012-5076 in Nuclear Pack jar file |
http://dl.dropbox.com/u/106864056/Nuclear_Pack_CVE-2012-5076.zip
----------------------------------------------------
"sibhost" (Have choose to stick to this name for the moment)
(exploit kit mostly spreading Urausy since months, after having pushed Reveton in june).
How do you name this ? Anyone know the real name ?
 |
| Login screen of "sibhost" |
Thanks (!) Malekal for the live URL
 |
| "sibhost" spreading Urausy - Payload now included in the jar |
 |
| CVE-2012-5076 in "sibhost" jar file |
Files:
http://goo.gl/3ZZPq (Mega)
----------------------------------------------------
All Files :
http://dl.dropbox.com/u/106864056/CVE-2012-5076_combo.zip
http://goo.gl/cQ2oP (Mega)
Seems not incorporated in Nice Pack and CritXPack.
Didn't found SofosFO live (Emerging Threats name) but have been told (thanks C. ) that's it's CVE-2012-5076 positive.
<edit1: 21/11/12>
Redkit:
 |
| CVE-2012-5076 Path on Redkit |
 |
| Redkit jar file showing the CVE-2012-5076 implementation |
http://dl.dropbox.com/u/106864056/Redkit_CVE-2012-5076.zip
</edit1>
Read more ?
A technical analysis on new Java vulnerability (CVE-2012-5076) - 15-11-2012 - Jeong Wook (Matt) Oh - MMPC