Researchers recently discovered that the latest Internet Explorer zero-day, detailed here by eWEEK, had made its way into the Eleonore exploit kit.
But most of the vulnerabilities the kit sets its sights on are not zero-days; in fact, many have had patches available for a long time. Perhaps this shouldn’t be too surprising, as attackers often reach for low-hanging fruit, and targeting unpatched systems is easier than discovering new vulnerabilities and developing exploits. Still, according to Symantec, many of the bugs exploited by Eleonore go back years.
Here’s a taste:
CVE-2005-2265 – Affects Firefox CVE-2006-0005 – Affects Windows Media Player CVE-2006-3677 – Affects Firefox CVE-2006-5559 – Affects Microsoft Data Access Components (MDAC) CVE-2007-5659 – Affects PDF collectEmaillnfo CVE-2008-0015 – Affects IE DirectX CVE-2008-2992 – Affects PDF printf
“Of note is that these vulnerabilities have been patched for quite some time,” said Tirth Sanyal, senior manager with Symantec Security Response. “However, their existence in such popular kits is testimony to the fact that there are enough users out there who aren’t patching various applications regularly and highlights the need for increased awareness around proper patching procedures.”
Eleonore is one of a handful of very popular exploit kits available in the cyber-underground. Others include kits like Fragus, Blackhole and Phoenix. Data from the end of 2009 from Symantec put the cost of the kit at $1,000, Sanyal said.
“There are many such exploit kits available on the underground economy, but very few of them are widely used,” the researcher said. “Eleonore is one of these exceptions.”