RedKit Java exploit – under the hood

Here are some technical details about the RedKit Java exploit.
I will use a real sample of captured network traffic. The analysis was done using the following tools: CuckooBox 0.6, Java Decompiler GUI, Wireshark.

Don’t follow any URLs in this post! They may still contain the malware.

OK, now step 1: a victim visits an infected web page at simtek.cc.free.fr.

The browser loads a pretty simple web page with a Flash video to entertain the victim while the malware is loading.

Here is the network capture:

[screenshot: launchpad-1, network capture of the landing page]

It looks like nothing is wrong, but … the page contains an injected iframe that redirects the browser to another host, qiqojahe.ru:

[screenshot: launchpad-2, network capture showing the injected iframe redirect]
