CrimeBoss Exploit Kit – Java CVE-2013-0422 + SE tricks :)

2013.03.06

CrimeBoss EK already known, described and You may see it here:

KahuSecurity

MalwareSigs

So I will not paste all details step-by-step. Who interested – see it here.

What was interesting in this case in particular – Java exploit, that  try to convince victim, that it is Adobe Flash Player . 🙂

cbek2

Not new, actually, You right. @kafeine recently posted some details about similar behavior of recent Java exploit in Popads EK.

So – as You may see, idea appear to spread among other malware spreaders as well. 🙂

Actually, if You press “Cancel” in this point, no harm done to Your machine (if Java is up to date).

If Java is outdated – 2 additional exploits served as well.

Here samples on VT:

Java:

JAR1 JAR2 JAR3

Exe:

Bin [6/46]

That’s all

Stay safe

D.L.