Once in few days I see some new stuff (for me, of course) and Google cannot answer me with enough details 🙂
— Denis Laskov (@it4sec) January 7, 2013
So URLquery named it SPL Exploit kit, and almost no additional info about it present. Weird? Yep.
So me and @nsmfoo had a look at it, to see what we can learn.
Well, first of all, as I understand, name to this EK was given based on some tech specs, that return in each installation detected. Since then tech details slightly changed, but major idea is the same.
Ok, lets begin…