It exploits vulnerabilities in Acrobat Reader, Internet Explorer and Java

Apr 2, 2012 14:46 GMT

Experts from Trustwave’s SpiderLabs found a new version of an exploit kit that was first launched in 2009. It’s called Nuclear Pack 2.0 and it comes with some interesting features, but initial analysis shows that it brings nothing new to the exploit kit market.

First of all, the developers of Nuclear Pack 2.0 obfuscated the malicious code by hiding it within the HTML SPAN tag.

A script retrieves this tag with the getElementsByTagName function and, after numerous mathematical manipulations, turns its contents into JavaScript code. That code is then executed using the eval function.
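As an added example (not code from the SpiderLabs analysis or from the kit itself), here is a static triage check for the pattern described above: a long, opaque SPAN body on a page whose script reads SPAN elements with getElementsByTagName and calls eval. The function names and thresholds are assumptions chosen for illustration.

```javascript
// Added example: a static triage heuristic, not a signature from the analysis.
// MIN_LEN and MAX_SPACE_RATIO are assumed thresholds, tune them on your own traffic.
const MIN_LEN = 200;          // span text this long with no markup is unusual
const MAX_SPACE_RATIO = 0.02; // natural-language text has far more whitespace

function stripTags(s) { return s.replace(/<[^>]*>/g, ""); }

// Return spans whose text is long and almost free of whitespace (likely encoded data).
function opaqueSpans(html) {
  const out = [];
  const re = /<span\b[^>]*>([\s\S]*?)<\/span>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    const text = stripTags(m[1]);
    if (text.length < MIN_LEN) continue;
    const spaces = (text.match(/\s/g) || []).length;
    if (spaces / text.length <= MAX_SPACE_RATIO) out.push({ offset: m.index, length: text.length });
  }
  return out;
}

// Check inline scripts for the two calls the article names.
function scriptIndicators(html) {
  const scripts = [];
  const re = /<script\b[^>]*>([\s\S]*?)<\/script>/gi;
  let m;
  while ((m = re.exec(html)) !== null) scripts.push(m[1]);
  const js = scripts.join("\n");
  return {
    readsSpan: /getElementsByTagName\s*\(\s*["']span["']\s*\)/i.test(js),
    callsEval: /\beval\s*\(/.test(js),
  };
}

// Flag only when all three signals are present together.
function triage(html) {
  const spans = opaqueSpans(html);
  const ind = scriptIndicators(html);
  return { suspicious: spans.length > 0 && ind.readsSpan && ind.callsEval, spans, ...ind };
}

// Constructed samples: the span body is inert filler digits, not real kit content.
const flagged = `<html><body><span style="display:none">${"4170".repeat(100)}</span>
<script>var d = document.getElementsByTagName("span")[0].innerHTML; eval(d);</script></body></html>`;
const benign = `<html><body><span>Read our latest news and product updates here.</span>
<script>var s = document.getElementsByTagName("span"); s[0].className = "on";</script></body></html>`;

console.log(triage(flagged).suspicious, triage(benign).suspicious);
```

Scripts that build these identifiers from string fragments will not match the regular expressions, so treat a hit as a reason to send the page for sandbox analysis and a miss as inconclusive.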

Many aspects of the new Nuclear Pack exploit kit resemble BlackHole. For instance, it uses the getJavaInfo applet to determine the version of Java that’s running on the targeted machine, after which it starts scanning for vulnerabilities.

According to security researchers, Nuclear Pack 2.0 exploits vulnerabilities in Acrobat Reader, Internet Explorer, Java, and Oracle Java Rhino.
