Xanda's Blog !~!

Weekly Summary : Internet Explorer Vulnerability & New BlackHole 2.0 Pattern

Sep
23

The biggest news for this week is of course related to the recent 0day vulnerability found in Internet Explorer, CVE-2012-4969. The exploit code that has leaked on the same server with the previous Java oday, has been discovered by several researchers and without any delay, it has been ported to Metsaploit framework.

I’ve done a quick writeup on this news earlier, and back then, there is no patch/fixit yet released by Microsoft. So I end up make a reference to MyCERT advisory which recommend users to use EMET and disable Active Script. But recently, Microsoft has released fixit and out of band patch to address this issue. As for now, there is no reported/blogged/twitted information saying that Malaysia has been targeted with this new vulnerability, and there is no Information on this vulnerability has been ported to BlackHole 2.0 as well.

Speaking about BlackHole 2.0, I’ve been seeing new pattern used in BlackHole 2.0 and could bypass most/some detection rules that specifically written based on the initial release of BlackHole 2.0. Thanks to #MalwareMustDie and MalwareDomainList for the brand new and fresh samples. My yara rules updated for both CVE-2012-4969 and BlackHole 2.0++, and MyYaraSIG members may perform a git pull to see the update.

Thats all for this week.

Thanks