Even though it’s sometimes easy to forget that there are exploit kits other than BlackHole, other groups still strive for sales in the exploit kits market. So, while some of those toolkits are sophisticated enough to compete head-to-head with BlackHole, such as Redkit (which isn’t red anymore), others provide lower-end solutions which typically costs less. One of those lower-end toolkits would be Sakura.
Today we’ve come across a new version of this toolkit, labeled 1.1.
The toolkit attack code isn’t obfuscated except for some character encoding:
The included PDF file attempts to exploit the libTiff (CVE-2010-0188) vulnerability while the Java applet attempts to exploit CVE-2012-0507.
Needless to say, customers of Trustwave Secure Web Gateway (SWG) are protected by default.