
‘Infinity’ exploit kit targets IE, Firefox, Opera to deliver malware

A new exploit kit known as Infinity is being offered on underground markets for $100 per day, according to researchers with cyber intelligence company IntelCrawler.

The Infinity kit takes advantage of vulnerabilities in Firefox, Internet Explorer and Opera – as well as flaws in plug-ins, such as Adobe Flash – to compromise browsers and upload malware, Andrew Komarov, CEO of IntelCrawler, said in a weekend email correspondence.

The list of exploits in the Infinity kit is frequently updated, but the exact names are kept hidden, Komarov said, explaining an investigation revealed that CVE-2013-2465, CVE-2013-2423, CVE-2013-1347, CVE-2014-0322, CVE-2014-1776, and CVE-2014-0502 are among the included vulnerabilities.

“Infinity has a pretty high level of services and a good updated list of bugs for Remote Code Execution,” Komarov said. “We see that the author is very interested in new exploits and ready to buy new types of vulnerabilities.”

The technical support and advertisements for the Infinity kit are all written in Russian, leading Komarov to believe that the author – who operates under the name “iny,” or “pickness” – is from Eastern Europe, in a Russian-speaking country.

The author, who is fairly well-known and verified on several private underground forums, only deals through private messages and is highly particular about who can subscribe to the Infinity kit, Komarov said, explaining this is likely due to the 2013 arrest of Paunch, author of the BlackHole exploit kit.

“It was also found that the author has [their] own underground anti-virus checking service that allows [users] to check if [their] malware or exploit kit will be detected by anti-virus,” Komarov said, adding the author works with a team of coders to continuously update the products.

The Infinity exploit kit has a fairly large number of users, Komarov said, adding that they seem happy with the percentage of successful malware uploads.
