The Gong Da exploit kit is evolving: after integrating the CVE-2012-5076 Java vulnerability (Java Applet JAX-WS) one week ago, the EK is now preparing integration of the Adobe Flash vulnerability CVE-2012-1535, fixed in the APSB12-18 patch.
This new version was discovered on the “hxxp://coa.ains.co.kr/css/css.html” and “hxxp://www.dcpccdrw.com/asdf/index.html” web sites, currently still online.
“coa.ains.co.kr” seems to be a legitimate web site and is hosted on 22.214.171.124, AS9318, in South Korea. “dcpccdrw.com” is hosted on 126.96.36.199, AS36351, in the US. The “dcpccdrw.com” domain name was created on 2012-11-23, through the name.com registrar, for “tao wen ([email protected])”.
After de-obfuscating the HTML files, you can see that the Gong Da Pack has evolved to the following diagram.