Both packages exploits are so similar that the operation uses the same vulnerabilities the file and one code.
Experts of the company F-Secure discovered that hackers recently focused on the development of a package of exploits called Cool, which is almost a copy of a known product Blackhole.
Cool package exploit allows attackers to remotely exploit security vulnerabilities and perform drive-by attack. In addition, the researchers noted that in addition to carrying out attacks, Cool also has a set of additional features, including the ability to scan the browser and operating system for potentially vulnerable plugins.
According to employees of F-Secure, a set of exploits designed like the other, is very popular among cybercriminals product – Blackhole. The experts found that both packages use the same exploit to attack targets, a similar technique of infection and how to upgrade. For example, after the elimination of vulnerabilities exploited both products almost simultaneously updated and attack the same vulnerable components of the system.
“Even with all the differences, we can conclude that the Blackhole Cool and more than a little like” – note in the F-Secure.
According to the researchers, similar items to the set of exploits related to the level of coding, the various functions and operations in the implementation attacks. In addition, both products even use the same file names and one code.
Results of the comparison of methods and technologies of distribution and functioning exploit kits allow experts to conclude that the two products can be created one a virus writer.