Oct 12, 2011

Phoenix Exploit’s Kit 2.8 mini version


After the leak of Phoenix Exploit's Kit 2.5, version 2.8 is the one currently circulating in the wild. Despite low activity during the second half of this year, it remains one of the exploit packs most favoured by cyber-criminals.

PEK keeps a similar licensing model, and the latest version was released together with an "alternative" purchase option: Phoenix Exploit's Kit 2.8 mini. Let us take a brief look at this alternative offering for crime, which we were able to access through our Offensive Security Service CrimewareAttack.

The licensing model consists of a closed single-domain version at a cost of USD 2,200, a closed multithreaded-domain version at USD 2,700, and an extra encryption service (ReFUDing) at USD 40, which has been offered for several versions now as part of the "added value".


Basically, this new version does not change its characteristics, at least as far as its graphical interface and functionality are concerned, compared with previous versions. Each section shows the same crimeware flow and the same kind of statistical information, minimalist yet concise. Trivial as it seems, this is one of the main reasons cyber-criminals adopt Phoenix: they can easily find the information they need to increase their success rate and refine their attack strategies, and then combine the functionality of this exploit pack with a malware kit such as SpyEye or ZeuS.

What is new about the exploits?
Basically, not much. The work went into optimizing the exploit code to achieve a more effective success rate during exploitation, and into adding the exploit for Java Runtime Environment "Trusted".

Also removed were the following exploits, which were pre-compiled in version 2.7:
  • Windows Help and Support Center Protocol Handler Vulnerability – CVE-2010-1885
  • Integer overflow in the AVM2 abcFile parser in Adobe Flash Player – CVE-2009-1869
  • Integer overflow in Adobe Flash Player 9 – CVE-2007-0071
  • IEPeers Remote Code Execution – CVE-2009-0806
  • Internet Explorer Recursive CSS Import Vulnerability – CVE-2010-3971
Although these are basically the same exploits (similar in every case, including those incorporated into other exploit packs in the wild), the author optimizes them for each version. In this case, the following exploits are included:
Despite the per-version optimization of the exploit components, it is striking and interesting that, however much the chain is optimized and updated, the MDAC exploit continues to dominate, not only in this exploit pack but in every existing one. What is the reason? Simply a lack of maturity on the part of users (applying updates and following basic patching procedures), which turns them into potential targets that are highly susceptible to this old but still effective vulnerability.
