Feb 8, 2011 18:27 GMT

Security researchers warn that a new version of the Eleonore exploit kit has been released on the black market and targets a 0-day vulnerability.

Eleonore is one of the most popular and sophisticated drive-by download attack kits used by cybercriminals to infect people with malware.

Like most tools of this kind, the kit features advanced obfuscation, multiple exploits and a control panel providing statistics about victims.

Drive-by download attacks have become one of the primary methods of distributing malware on the Internet.

Hackers exploit vulnerabilities in legitimate websites to insert rogue code that loads, in the background, exploits targeting the most popular applications.

According to Threatpost, the new version of Eleonore was released sometime on Monday and costs around $2,000, which is a high price for an exploit kit.

"Exmanoize [Eleonore's author] seems to have released a new version of his exploit pack today, adding an 0day, some exploits, and research-resistant functionality to rev his highly priced pack.

"Groups have been using this pack to deliver client side exploits and malware payloads across the net. We’ll be watching for more high profile attacks from these groups using his pack," said Kurt Baumgartner, senior security researcher at Kaspersky Lab.

It's not yet clear which 0-day vulnerability is being targeted by the new Eleonore version, but the Internet Explorer CSS vulnerability is a strong candidate.

The remote code execution flaw was discovered in December, and proof-of-concept exploit code that bypasses ASLR and DEP has already been created.

The vulnerability was a zero-day on Monday when this Eleonore version was released, but Microsoft has since released a patch as part of its MS11-003 Security Bulletin.

Users are strongly advised to keep their applications and operating systems up to date in order to avoid falling victim to drive-by download attacks. Running a capable antivirus program with a Web protection component is also critically important.