Security technicians at antivirus firm Trend Micro are warning IT security administrators and users to be on the lookout for an emerging exploit kit named Whitehole which can evade antimalware detection and blocking mechanisms of browsers.
Trend Micro said Whitehole is being used to distribute a variant of the ZeroAccess (or Sirefef) rootkit which is designed to install additional malware on vulnerable machines. It can download up to 20 malicious files at once, according to Trend Micro. Whitehole can evade detection by antivirus software and is able to prevent Google Safe Browsing from detecting and blocking it.
Whitehole uses code similar to that of the more popular Blackhole exploit kit, which has become a favourite with attackers targeting unpatched holes in Java. However, Whitehole does not obfuscate its use of plugindetect.js, unlike Blackhole, which uses JavaScript to mask its activity, said Trend Micro.
Whitehole contains exploits for the following Java vulnerabilities: CVE-2011-3544, CVE-2012-1723, CVE-2012-4681, CVE-2012-5076, and CVE-2013-0422.
Last month, Oracle Corp. issued an emergency release in Java 7 Update 11 to patch CVE-2013-0422 to stop a zero-day exploit. However, researchers from the Polish firm Security Exploit said the patch failed to plug new vulnerabilities which allow hackers to execute arbitrary code on computers.
Prior to that, the United States Department of Homeland Security had issued a warning to computer users to disable their Java plug-ins due to a major vulnerability.