RedKit Java exploit – under the hood

Here are some technical details about the RedKit Java exploit.
I will use a real sample of captured network traffic. The analysis was done using the following tools: CuckooBox 0.6, Java Decompiler GUI, Wireshark.

Don’t follow any URLs in this post! They may still contain the malware.

OK, now step 1: a victim visits an infected web page at

The browser loads a pretty simple web page with a Flash video to entertain the victim while the malware is loading.

Here is the network capture:


It looks like nothing is wrong, but … it contains an injected iframe that redirects the browser to another host:
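A small detection helper for the injection pattern described above, added here as an example and not taken from the post or from any of the tools it lists: it scans a page for iframes that point to a host other than the page's own, or that are hidden from the user (zero size, CSS hidden). The sample HTML and the hostnames in it are constructed, not the captured page.

```python
import re
from urllib.parse import urlparse

# Constructed sample page, not the captured one from the post: a Flash object
# plus one hidden iframe to another host (the injection pattern) and one
# ordinary same-site iframe that should not be flagged.
SAMPLE_HTML = """<html><body>
<object data="intro.swf" type="application/x-shockwave-flash"></object>
<iframe src="http://redirect-host.example/in.php" width="0" height="0"
        style="visibility: hidden"></iframe>
<iframe src="/player/embed.html" width="300" height="200"></iframe>
</body></html>"""

IFRAME_RE = re.compile(r"<iframe\b([^>]*)>", re.IGNORECASE)
# name="quoted" | name='quoted' | name=bare
ATTR_RE = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""")

def parse_attrs(attr_text):
    """Turn the raw attribute text of a tag into a lowercase-keyed dict."""
    return {name.lower(): (dq or sq or bare)
            for name, dq, sq, bare in ATTR_RE.findall(attr_text)}

def find_suspicious_iframes(html, page_url):
    """Return [(src, [reasons])] for iframes that look injected: pointing at a
    host other than the page's, or hidden from the user (zero size, CSS hidden)."""
    page_host = urlparse(page_url).netloc.lower()
    findings = []
    for m in IFRAME_RE.finditer(html):
        attrs = parse_attrs(m.group(1))
        src = attrs.get("src", "")
        reasons = []
        src_host = urlparse(src).netloc.lower()
        if src_host and src_host != page_host:
            reasons.append("off-host")
        if attrs.get("width", "").strip() == "0" or attrs.get("height", "").strip() == "0":
            reasons.append("zero-size")
        style = attrs.get("style", "").replace(" ", "").lower()
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("css-hidden")
        if reasons:
            findings.append((src, reasons))
    return findings

if __name__ == "__main__":
    for src, why in find_suspicious_iframes(SAMPLE_HTML, "http://infected-site.example/"):
        print(f"suspicious iframe -> {src}: {', '.join(why)}")
```

Run it over the HTML body extracted from a capture (for example via Wireshark's "Follow TCP Stream" export) to list iframes worth a closer look; a same-site, visible iframe produces no finding.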


