Robopak Exploit Kit

Looks like a new exploit kit is making its rounds. The seller is actually a service provider and the toolkit is used as a kind of EaaS (“Exploits as a Service”). The kit includes several Java, PDF, and IE exploits in its arsenal. The rental fee is: $30 per day, $150 per week, and $500 per month.

Here’s how the statistics page looks like:

The exploit code is wrapped in obfuscated Javascript which looks like a complete mess:

You need to decrypt this in two separate parts. First, you need to figure out the script at the very bottom. If you do, you will be rewarded with this:

Now you need to copy the top part of the first script and paste it into the resulting second script.

Then the exploit code can finally be revealed.

I thought this was yet another version of Siberia but apparently it’s not. There appears to be some overlap in the code though.

Posted on: 04/03/2011