Like other Exploit Kits, Gong Da has add support for Oracle Java CVE-2013-1493 vulnerability, fixed in Oracle Java 6 Update 17, has also add support for Microsoft Internet Explorer CVE-2012-4969 and CVE-2012-4792 vulnerabilities, fixed in an emergency patch in September 2012 and January 2013.
Here is the new code for CVE-2013-1493.
And here the new code for CVE-2012-4792 (aka 4792.html) and CVE-2012-4969 (aka payload.html).
Also a new variant of CVE-2012-1889 (xml.html) has been introduced, reducing the detection rate by anti-viruses.
As always this new version of Gong Da Exploit Kit has been discovered on a Korean web site.
Gong Da Pack has involve to the following diagram.
Here under some information s regarding the different files:
- HcIa2.jar (aka CVE-2011-3544): 11/46 on VirusTotal.com
- bzExj6.jar (aka CVE-2012-0507): 14/45 on VirusTotal.com
- BnkLbvY3.jar (aka CVE-2012-1723): 19/46 on VirusTotal.com
- iCNpns4.jar (aka CVE-2012-4681): 28/46 on VirusTotal.com
- JdtDFRW1.jar (aka CVE-2012-5076): 16/46 on VirusTotal.com
- TolxrJG6.jar (aka CVE-2013-0422): 19/46 on VirusTotal.com
- FQxzUjYP.jar (aka CVE-2013-1493): 16/46 on VirusTotal.com
- GwDFO7.swf (aka CVE-2013-0634): 10/46 on VirusTotal.com
- xmlcoreOld.html (aka CVE-2012-1889): 18/46 on VirusTotal.com
- xml.html (aka CVE-2012-1889): 3/35 on VirusTotal.com
- xmlcoreNew.html (aka CVE-2012-1889): 10/45 on VirusTotal.com
- 4792.html (aka CVE-2012-4792): 1/46 on VirusTotal.com
- xyaKEg.html and payload.html (aka CVE-2012-4969): 5/46 on VirusTotal.com
Normally Gong Da was used against gamers, but this time the loaded malware seem to be different (analysis on ThreatExpert)
RT @eromang: Gong Da Exploit Kit Add Java CVE-2013-1493 & IE CVE-2012-4792 & IE CVE-2012-4969 Support http://t.co/nSHUP18niF
RT @eromang: Gong Da Exploit Kit Add Java CVE-2013-1493 & IE CVE-2012-4792 & IE CVE-2012-4969 Support http://t.co/nSHUP18niF
RT @ubersec: Gong Da Exploit Kit Add Java CVE-2013-1493 & IE CVE-2012-4792 & IE CVE-2012-4969 Support: http://t.co/TJEiUYSqtT #i …
RT @ubersec: Gong Da Exploit Kit Add Java CVE-2013-1493 & IE CVE-2012-4792 & IE CVE-2012-4969 Support: http://t.co/TJEiUYSqtT #i …
Gong Da Exploit Kit Add Java CVE-2013-1493 & IE CVE-2012-4792 & IE CVE-2012-4969 Support: http://t.co/TJEiUYSqtT #infosec
Gong Da Exploit Kit Add Java CVE-2013-1493 & IE CVE-2012-4792 & IE CVE-2012-4969 Support – http://t.co/l7asTER6hO
RT @virusbtn: The Gong Da exploit kit added “support” for three new vulnerabilities. @eromang has the details http://t.co/81bfwkKY6x
RT @virusbtn: The Gong Da exploit kit added “support” for three new vulnerabilities. @eromang has the details http://t.co/81bfwkKY6x
The Gong Da exploit kit added “support” for three new vulnerabilities. @eromang has the details http://t.co/81bfwkKY6x
Top story: Gong Da Exploit Kit Add Java CVE-2013-1493 & IE CVE-2012-4792 & IE CVE-2… http://t.co/sgyxTnPrCA, see more http://t.co/WwvxaHI5Px
RT @eromang: Gong Da Exploit Kit Add Java CVE-2013-1493 & IE CVE-2012-4792 & IE CVE-2012-4969 Support http://t.co/nSHUP18niF
RT @Dinosn: Gong Da Exploit Kit Add Java CVE-2013-1493 & IE CVE-2012-4792 & IE CVE-2012-4969 Support http://t.co/z4ALQwGx4v
Gong Da has add support for Oracle Java vulnerability,fixed in @Oracle Java6 Update 17
http://t.co/FdxlQullUx http://t.co/iRhfenxe14
RT @Dinosn: Gong Da Exploit Kit Add Java CVE-2013-1493 & IE CVE-2012-4792 & IE CVE-2012-4969 Support http://t.co/z4ALQwGx4v
Check this http://t.co/NowTuJvJzA
RT @DarkOperator Gong Da Exploit Kit Add Java CVE-2013-1493 & IE CVE-2012-4792 & IE CVE-2012-4969 Support http://t.co/VbtcckMDTS
RT @eromang: Gong Da Exploit Kit Add Java CVE-2013-1493 & IE CVE-2012-4792 & IE CVE-2012-4969 Support http://t.co/nSHUP18niF
RT @Dinosn: Gong Da Exploit Kit Add Java CVE-2013-1493 & IE CVE-2012-4792 & IE CVE-2012-4969 Support http://t.co/z4ALQwGx4v
RT @Dinosn: Gong Da Exploit Kit Add Java CVE-2013-1493 & IE CVE-2012-4792 & IE CVE-2012-4969 Support http://t.co/z4ALQwGx4v
RT @Dinosn: Gong Da Exploit Kit Add Java CVE-2013-1493 & IE CVE-2012-4792 & IE CVE-2012-4969 Support http://t.co/z4ALQwGx4v
RT @Dinosn: Gong Da Exploit Kit Add Java CVE-2013-1493 & IE CVE-2012-4792 & IE CVE-2012-4969 Support http://t.co/z4ALQwGx4v
RT @Dinosn: Gong Da Exploit Kit Add Java CVE-2013-1493 & IE CVE-2012-4792 & IE CVE-2012-4969 Support http://t.co/z4ALQwGx4v
Gong Da Exploit Kit Add Java CVE-2013-1493 & IE CVE-2012-4792 & IE CVE-2012-4969 Support http://t.co/z4ALQwGx4v
RT @eromang: Gong Da Exploit Kit Add Java CVE-2013-1493 & IE CVE-2012-4792 & IE CVE-2012-4969 Support http://t.co/nSHUP18niF
Gong Da Exploit Kit Add Java CVE-2013-1493 & IE CVE-2012-4792 & IE CVE-2012-4969 Support: http://t.co/lMoLYXlSnw via @eromang
RT @unpacker: [EricRomang] Gong Da Exploit Kit Add Java CVE-2013-1493 & IE CVE-2012-4792 & IE CVE-2012-4969 Support http://t.co/ …
RT @unpacker: [EricRomang] Gong Da Exploit Kit Add Java CVE-2013-1493 & IE CVE-2012-4792 & IE CVE-2012-4969 Support http://t.co/ …
RT @unpacker: [EricRomang] Gong Da Exploit Kit Add Java CVE-2013-1493 & IE CVE-2012-4792 & IE CVE-2012-4969 Support http://t.co/ …
[EricRomang] Gong Da Exploit Kit Add Java CVE-2013-1493 & IE CVE-2012-4792 & IE CVE-2012-4969 Support http://t.co/onnWrtme8F
RT @eromang: Gong Da Exploit Kit Add Java CVE-2013-1493 & IE CVE-2012-4792 & IE CVE-2012-4969 Support http://t.co/nSHUP18niF
RT @eromang: Gong Da Exploit Kit Add Java CVE-2013-1493 & IE CVE-2012-4792 & IE CVE-2012-4969 Support http://t.co/nSHUP18niF
http://t.co/RQn4cennWU Gong Da Exploit Kit Add Java CVE-2013-1493 & IE CVE-2012-4792 & IE CVE-2012-4969 Support (Correct Link) via @eromang