All the latest UK technology news, reviews and analysis


Researchers warn of 'Cool' exploit platform

20 Nov 2012
security risk management

Users are being warned of the emergence of a new and popular malware exploit kit, dubbed 'Cool', which allows an attacker to remotely target security vulnerabilities in order to perform 'drive by' malware installations.

Researchers said that in addition to serving up attacks, the tool is also able to perform more sophisticated functions, including scanning for browser and operating system and detecting potentially vulnerable plug-ins.

According to F-Secure researchers Karmina Aquino and Timo Hirvonen, Cool bears a strong resemblance to another popular malware exploit platform. The duo noted that a number of the attack targets, techniques and updates displayed by Cool match that of the dubious Blackhole kit.

The researchers pointed out that when new vulnerabilities are disclosed, Blackhole and Cool often show updates at similar times and target many of the same vulnerable components and versions.

"With all these 'differences', it appears that Cool and Blackhole are more than just a tiny bit related," the researchers said in a blog posting.

The F-Secure researchers also noted a resemblance between the two attack kits at the coding level, performing similar functions and operations when carrying out attacks. Aquino and Hirvonen noted that when attacking components such as Flash, the two kits even go so far as to use the same file names and code.

"It may be just us, but the version checks by the two kits are very much alike." the researchers explained.

"And when we checked out Cool's Flash exploits, we can't help but notice that it uses the same Flash filenames as seen from Blackhole version 1, which happen to exploit the same Flash vulnerabilities."

As the cybercrime market has grown, attack kits have become an increasingly popular tool for spreading malware. The kits can range from free platforms to highly-sophisticated premium attack platforms.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Shaun Nichols
About

Shaun Nichols is the US correspondent for V3.co.uk. He has been with the company since 2006, originally joining as a news intern at the site's San Francisco offices.

More on Security
What do you think?
blog comments powered by Disqus
Poll

Windows 10 poll

What are your first impressions of Windows 10?
13%
4%
10%
4%
21%
4%
44%

Popular Threads

Powered by Disqus
V3 Sungard roundtable event - Cloud computing security reliability and scalability discussion

CIOs debate how to overhaul businesses for the digital era

V3 hosts roundtable with Sungard Availability Services

Updating your subscription status Loading
Newsletters

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button
hpv3may

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging

ibmv3may

Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

Application Support Engineer (C++, SQL, RDBMS, .NET, VB, Perl)

Application Support Engineer (C++, SQL, RDBMS, .NET...

Software Developer -Mobile Gaming

We are looking to expand our core technical team with...

Trainee 1st Line IT Support Engineer/Technician

Trainee 1st Line IT Support Engineer/Technician Learning...

Test Engineer

Test Engineer Summary As a Test Engineer you...
To send to more than one email address, simply separate each address with a comma.