
Award-winning security blogger Brian Krebs is loved by everyone on the internet… apart from the criminals.
The fact that Krebs has shut down spam operations, helped dismantle botnets, and given the notorious Russian Business Network more than the odd headache has made him plenty of enemies in the internet underground.
Just last month, online crooks launched a DDoS (distributed denial-of-service) attack against Krebs’s blog, and sent an armed SWAT team around to his house.
So, I was interested to hear from SophosLabs researcher Fraser Howard what he had uncovered inside the latest version of the Redkit exploit kit: what appeared to be a message for Brian Krebs.
Crebs, its your fault
What’s that famous quote?
“Say anything you want about me as long as you spell my name right!”
In this particular case, the Redkit gang were struck by a double attack of both poor spelling and lousy grammar – but I doubt tireless cybercrime reporter Krebs will lose much sleep over it.
Sophos products are proactively detecting the redirects which point to the exploit site as Troj/JSRedir-R and Troj/Iframe-JG.
The landing page of the exploit kit is detected as Troj/ExpJS-II, and Sophos proactively protects against the Java vulnerability (CVE-2012-4681) that this version of Redkit tries to exploit as Exp/20124681-C.
Thanks to SophosLabs Principal Researcher Fraser Howard for alerting me to this message.
‘The measure of a man is shown by the stature of his enemies.’
I have been following Brian Krebs for some time now – he has an excellent blog going for all and sundry, but he has one minor fault.
Being a gentleman, he continually refers to them as miscreants instead of their true term – rotting thieving bastards – because that is their true description!
The fact is that Malsubjects will continue to cause havoc in cyberspace using everything they have in their power. It is time that we all realize that we are fighting a cyberwar where in many cases the malsubjects are winning many of these battles. It’s about time we defend ourselves with ALL we’ve got!