Posts Tagged: exploit kit


A peek inside the EgyPack Web malware exploitation kit

by

By Dancho Danchev On a daily basis we process multiple malicious campaigns that, in 95%+ of cases, rely on the market leading Black Hole Exploit Kit. The fact that this Web malware exploitation kit is the kit of choice for the majority of cybercriminals, speaks for its key differentiation factors/infection rate success compared to the competing exploit kits, like, for instance, the Sweet Orange exploit kit or the Nuclear Exploit pack v2.0. In this post I’ll profile the EgyPack, a Web malware exploitation kit that was originally advertised on invite-only/vetted cybercrime friendly communities between the period of 2009-2011. List its core features, provide exclusive screenshots […]

Continue Reading »

Cybercriminals release new Java exploits centered exploit kit

by

Yesterday, a relatively unknown group of cybercriminals publicly announced the availability of a new Web malware exploitation kit. What’s so special about it is the fact that its current version is entirely based on Java exploits (CVE-2012-1723 and CVE-2013-0431), naturally, with “more exploits to be introduced any time soon”. Let’s take a peek at the statistics and infection rates produced by this kit, as well as discuss its potential, or lack thereof, to cause widespread damage to endpoints internationally. More details:

Continue Reading »

Nuclear Exploit Pack goes 2.0

by

In times when the market leading Black Hole Exploit Kit continues to gain market share, competing products are prone to emerge. What is the competition up to? Has it managed to differentiate itself from the market leading product or is it basically a “me too” exploit kit lacking any significant features worth emphasizing on? In this post, I’ll profile the recently advertised Nuclear Exploit Pack v.2.0, elaborate on its features, and discuss whether or not it has the potential to outpace the market leader (Black Hole Exploit Kit) in terms of market share. More details:

Continue Reading »

This blackhole exploit kit gives you Windows Media Player and a whole lot more

by

By Mike Johnson As a follow-up to the Blackhole Exploit posting, I thought I would share one aspect of my job that I truely enjoy: Discovery. While investigating some active urls being served up via a blackhole kit, I noticed something quite odd, as I would end up on sites that had malicious code injected into their webpages. Once the redirection to the blackhole kit was initiated, I saw the usual exploits taking place, first being Internet Explorer and Adobe Flash, then onto Adobe Reader and Java. This time, the kit didn’t stop there. Internet Explorer proceeded to launch Windows Media Player. Since I had never […]

Continue Reading »

One Click, and the Exploit Kit’s Got You

by

After all the brouhaha surrounding the NYTimes.com website hosting ads which spawned rogue antivirus Fakealerts last weekend, I spent a considerable amount of time looking at so-called exploit kits this week. These are packages, made up of custom made Web pages (typically coded in the PHP scripting language), which perform a linchpin activity for malware distributors. Namely, they deliver the infection to the victim, using the most effective methods, based on parameters which help identify particular vulnerabilities in the victim’s browser, operating system, or applications. There’s no indication that an exploit kit was used by the attackers in the NYTimes.com […]

Continue Reading »