Think Information. Think Security.
Users are being warned of the emergence of a new and popular malware exploit kit, dubbed 'Cool', which allows an attacker to remotely target security vulnerabilities in order to perform 'drive by' malware installations. Researchers said that in addition to serving up attacks, the tool is also able to perform more sophisticated functions, including scanning for browser and operating system and detecting potentially vulnerable plug-ins.

According to F-Secure researchers Karmina Aquino and Timo Hirvonen, Cool bears a strong resemblance to another popular malware exploit platform. The duo noted that a number of the attack targets, techniques and updates displayed by Cool match that of the dubious Blackhole kit.

The researchers pointed out that when new vulnerabilities are disclosed, Blackhole and Cool often show updates at similar times and target many of the same vulnerable components and versions.

The F-Secure researchers also noted a resemblance between the two attack kits at the coding level, performing similar functions and operations when carrying out attacks. Aquino and Hirvonen noted that when attacking components such as Flash, the two kits even go so far as to use the same file names and code.

As the cybercrime market has grown, attack kits have become an increasingly popular tool for spreading malware. The kits can range from free platforms to highly-sophisticated premium attack platforms

Cross-posted from: V3 Co Uk

Leave a Reply.