Neutrino Campaign Switches From CryptXXX to Locky Ransomware

A long-running exploit kit (EK) campaign has recently switched to distributing the Locky ransomware via the Neutrino EK, Palo Alto Networks researchers reveal.

IE Exploit Added to Neutrino After Experts Publish PoC

The developers of the Neutrino exploit kit have added a recently patched Internet Explorer vulnerability to their arsenal after researchers published a proof-of-concept (PoC) exploit.

Neutrino, RIG Using Blackhat-TDS for Redirection

Neutrino and RIG, the top exploit kits (EKs) following the sudden demise of Angler, were recently observed using a malicious Traffic Direction System (TDS) called Blackhat-TDS, Forcepoint researchers warn.

After Angler: Shift in Exploit Kit Landscape and New Crypto-Ransomware Activity

Early this year, we reported that in 2015, Angler came out as the top exploit kit, having contributed 59.5% of the total exploit kit activity for the year. Now, there’s barely any pulse left. After the arrest of 50 people accused of using malware to steal US$25 million, it is interesting to note that Angler basically stopped functioning. With […]

Exploit Kit Activity Down 96% Since April

Angler and Nuclear, two of the exploit kits (EKs) that dominated the landscape for years, are gone, with Neutrino and RIG being the leading crimekits now, but still far from reaching the EK traffic registered just a couple of months ago.

Did Angler Exploit Kit Die With Russian Lurk Arrests?

Researchers have recently noted a large-scale switch from the Angler exploit kit (EK) to the Neutrino exploit kit. Last Wednesday SANS ISC noted that CryptXXX ransomware was now being delivered by the Neutrino EK. “Until then, I’d only seen Angler EK distribute CryptXXX,” reported Brad Duncan.

Exploit Kits in 2015: Scale and Distribution

In the first part of this series of blog posts, we discussed what new developments and changes in the exploit kit landscape were seen in 2015. In this post, we look at the scale of the exploit kit problem: how many users were affected, which exploit kits are popular, and where are the users […]

Exploit Kits in 2015: Flash Bugs, Compromised Sites, Malvertising Dominate

Threats never stand still, and exploit kits were no exception. 2015 saw multiple changes to this part of the threat landscape: freshly discovered exploits were added, and compromised websites and malvertising were used to deploy and spread threats using exploit kits. Exploit kits were a key part of the threat landscape in 2015. In this series of posts, […]

New Anti-Analysis Feature Added to Neutrino EK

The developers of the Neutrino exploit kit have added a new feature designed to reduce exposure to automated scans and security researchers’ analysis attempts.

Angler Exploit Kit Used to Find and Infect PoS Systems

An attack aiming to infect PoS systems was found using the Angler Exploit Kit to push a PoS reconnaissance Trojan. This Trojan, detected as TROJ_RECOLOAD.A, checks for multiple conditions on the infected system, such as whether it is a PoS machine or part of a PoS network. It then proceeds to download specific malware depending on the […]

Hacking Team 0-day Flash Wave with Exploit Kits

After Hacking Team was compromised, a lot of information was publicly disclosed beginning on the 5th of July, particularly its business clients and a zero-day vulnerability in Adobe Flash Player that they had been using. Since the info about the first zero-day was made freely available, we knew attackers would swiftly move to using it. As […]

Hacking Team Flash Zero-Day Integrated Into Exploit Kits

Feedback from the Trend Micro™ Smart Protection Network™ has allowed us to learn that the Angler Exploit Kit and Nuclear Exploit Pack have been updated to include the recent Hacking Team Flash zero-day. In addition, Kafeine said, Neutrino Exploit Kit has also included this zero-day. The existence of this particular vulnerability was just leaked from Hacking Team; Adobe has […]

Archie and Astrum: New Players in the Exploit Kit Market

Exploit kits continue to be a critical tool for the propagation of crimeware. New exploit kits have appeared this year, and this post will discuss two of them: Archie and Astrum. Archie EK was first described in August as a basic exploit kit, as it uses exploit modules copied from the Metasploit Framework. We […]

Neutrino: Caught in the Act

Last week, we got a tip from Kafeine about hacked sites serving injected iframes leading to an exploit kit. We thought it was quite interesting, so we looked at one of the infected websites and found this sneaky piece of code: The deobfuscated code shows the location from where the injected iframe URL will be […]

Java 6 Zero-Day Exploit Pushes Users to Shift to Latest Java Version

Reports of an active exploit targeting an unpatched vulnerability in Java 6 recently surfaced. Upgrading to the latest version of Java is the prescribed solution, though for some users this is easier said than done. The said exploit, detected by Trend Micro as JAVA_EXPLOIT.ABC, targets CVE-2013-2463, which Oracle addressed last June. Java 6 is also […]