Neutrino Exploit Kit Description
ESG security researchers have received reports of malware attacks involving an exploit kit known as the Neutrino Exploit Kit. According to PC security analysts, 2013 will see the release of exploit kits more dangerous than anything used before, because the new exploit kits being released are more robust and harder to detect than previous versions of this attack. This trend has been under way since the beginning of 2013, with the release of new variants of the infamous Black Hole Exploit Kit and of new exploit kits such as the Whitehole Exploit Kit. The added variety is sure to make the work of PC security researchers both more difficult and more essential in 2013. The Neutrino Exploit Kit takes advantage of numerous known vulnerabilities in software and operating systems, including the widely publicized CVE-2013-0422.
The Neutrino Exploit Kit is being sold in underground hacking forums as a way to reach computers more widely than ever before. This exploit is often detected as JAVA_EXPLOYT.NEU and adds the CVE-2013-0431 and CVE-2012-1723 vulnerabilities to a long list of vulnerabilities already exploited by more common exploit packs. The Neutrino Exploit Kit can be used to attack computers using versions of the Java Runtime Environment including Java 7 Update 11 and lower. Attacks involving the Neutrino Exploit Kit have been associated with ransomware scams, typically installing the TROJ_RANSOM.NTW variant of these scams. While there are numerous families of ransomware, those associated with the Neutrino Exploit Kit will typically carry out a more sophisticated version of this scam, often disabling features like Safe Mode and System Restore. While the vulnerabilities listed above have also been covered by other exploit kits, the Neutrino Exploit Kit includes several features that put these kinds of attacks into the hands of a wider range of criminals.
The Misleading Features of the Neutrino Exploit Kit
The Neutrino Exploit Kit uses a user-friendly approach that also allows criminals to monitor their attacks and gather statistics that can be used to carry out future attacks. The Neutrino Exploit Kit is often more affordable than other exploit kits because it can be rented per day or per month. These features indicate that attacks involving the Neutrino Exploit Kit can be part of larger, more organized efforts than before, a prospect that worries many malware researchers.