The Redkit malware exploit gang has a message for security blogger Brian Krebs

Filed Under: Featured, Malware, Vulnerability

Brian Krebs

Brian Krebs

Award-winning security blogger Brian Krebs is loved by everyone on the internet... apart from the criminals.

The fact that Krebs has shut down spam operations, helped dismantle botnets, given the notorious Russian Business Network more than the odd headache, has made him plenty of enemies in the internet underground.

Just last month, online crooks launched a DDoS (distributed denial-of-service) attack against Krebs's blog, and sent an armed SWAT team around to his house.

So, I was interested to hear from SophosLabs researcher Fraser Howard what he had uncovered inside the latest version of the Redkit exploit kit what appeared to be a message for Brian Krebs.

Message for Brian Krebs

Crebs, its your fault

What's that famous quote?

"Say anything you want about me as long as you spell my name right!".

In this particular case, the Redkit gang were struck by a double attack of both poor spelling and lousy grammar - but I doubt tireless cybercrime reporter Krebs will lose much sleep over it.

Sophos products are proactively detecting the redirects which point to the exploit site as Troj/JSRedir-R and Troj/Iframe-JG.

The landing page of the exploit kit is detected as Troj/ExpJS-II, and Sophos proactively protects against the Java vulnerability (CVE=2012-4681) that this version of Redkit tries to exploit as Exp/20124681-C.

Thanks to SophosLabs Principal Researcher Fraser Howard for alerting me to this message.

, , , ,

You might like

3 Responses to The Redkit malware exploit gang has a message for security blogger Brian Krebs

  1. Lance · 854 days ago

    'The measure of a man is shown by the stature of his enemies.'

  2. Zeitgueist · 852 days ago

    I have been following Brian Krebs for some time now - he has an excellent blog going for all and sundry, but he has one minor fault.

    Being a gentleman, he continually refers to them as miscreants instead of their true term - rotting thieving bastards - because that is their true description!

  3. Felix Uribe · 847 days ago

    The fact is that Malsubjects will continue to cause havoc in cyberspace using everything they have in their power. It is time that we all realize that we are fighting a cyberwar where in many cases the malsubjects are winning many of these battles. It’s about time we defend ourselves with ALL we’ve got!

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley