With Halloween a week away, zombies will be out and about. Of course, the kind of zombies you want to encounter will be ringing your doorbell, begging for candy. Unfortunately, the other type of zombie-the kind who can destroy your computer network-is also on the loose this time of the year.
M86 Security Labs recently analyzed one of the lesser known exploit kits the Zombie Infection Kit. While not as sophisticated as some other exploit kits, M86 reported that the Zombie Infection Kit does carry an array of exploits that are used successfully in other exploit kits used to infect your PC. According to Bradley Anstis, vp of technology strategy:
All the vulnerabilities used in this exploit kit have been patched by vendors, but end users must be diligent in applying patches for software and operating system updates to avoid these types of attacks. The Zombie exploit kit payload is usually hidden in an iFrame that is place on a compromised website which could be any website. The most successful vulnerabilities that this kit leverages are are java based vulnerabilities.
An article at Softpedia added this:
The toolkit exploits two Java vulnerabilities, four Adobe Reader ones (via a single PDF document), the Windows XP Help Center (HCP) flaw discovered earlier this year, an old one in IE6 and two in Adobe Flash Player.
Thankfully, the overall infection rate is rather low, especially when compared with other exploits, but best to try and keep this zombie from attacking.