Sourcefire

Web Exploit Kits (Part 3): Thwarting Detection

This video describes mechanisms used by web exploit toolkits to thwart detection. Specific techniques include randomized one-time domains, polymorphism, IP blacklisting, use of CAPTCHAs, detection of Tor exit nodes, and so on. These techniques are employed by popular web exploit toolkits such as Blackhole and Cool Exploit Kit, among others. Other toolkits include Phoenix, Nuclear, Sweet Orange, DoubleSemi, and Redkit/Siberia; older kits include MPack, IcePack, FirePack, and 0x88. These kits are used to drop malware such as Bamital, Cridex, ZeroAccess, and Zeus onto the systems of unsuspecting victims by exploiting web browser and browser-related vulnerabilities.

RunTime - 11:14

Uploaded - 10 Apr 2013

 

 