Russian malware scum post new rent-an-exploit

Unpatched browser, plug-in bugs targeted by and with 'Disdain' kit

WebEx on Firefox is among the targets of a new exploit kit that's started circulating on Russian nastyware exchanges.

The Disdain-based exploit kit is described by security services outfit IntSights, which says the kit is offered by someone using the handle "Cehceny".

David Montenegro (@CryptoInsane) says Disdain is a copy-paste of the open source BEPS exploit kit.

IntSights says the kit includes:

  • A domain rotator, to make the C&C harder to block;
  • Support for exploits to exchange RSA keys;
  • The C&C's panel server can't be traced from the payload server; and
  • IP geolocation, browser and IP tracking, and domain scanning.

Disdain is rented on a daily, weekly, or monthly basis at US$80, $500, and $1,400 respectively. Victims who hit the exploit are scanned, and the kit tries to attack a number of known vulnerabilities from between 2013 and this year.

That's where the Cisco WebEx plug-in comes in: CVE-2017-3823, which landed in January this year, is an API error that exposes an unpatched user to remote code execution.

The other 14 CVEs the kit tests for are browser bugs (Internet Explorer, Firefox and Edge) and three Flash bugs. The other vulns probed are below.

CVE             Target
CVE-2017-5375   Firefox
CVE-2017-0037   Internet Explorer
CVE-2016-9078   Firefox
CVE-2016-7200   Edge and Internet Explorer
CVE-2016-4117   Flash
CVE-2016-1019   Flash
CVE-2016-0189   Internet Explorer
CVE-2015-5119   Flash
CVE-2015-2419   Internet Explorer
CVE-2014-8636   Firefox
CVE-2014-6332   Internet Explorer
CVE-2014-1510   Firefox
CVE-2013-2551   Internet Explorer
CVE-2013-1710   Firefox

All vectors have patches available. ®