This year has seen a big shift in the exploit kit landscape, with many of the bigger players unexpectedly dropping out of action. The Nuclear exploit kit operations started dwindling in May, Angler disappeared around the same time Russia’s Federal Security Service made nearly 50 arrests last June, and then in September Neutrino reportedly went private and shifted focus to select clientele only. Now, the most prominent exploit kits in circulation are RIG and Sundown. Both gained prominence shortly after Neutrino dropped out of active circulation.Read More
A new exploit kit has arrived which is spreading different versions of Locky ransomware. We spotted two cases of this new threat, which is based on the earlier Sundown exploit kit. Sundown rose to prominence (together with Rig) after the then-dominant Neutrino exploit kit was neutralized.
Called Bizarro Sundown, the first version was spotted on October 5 with a second sighting two weeks later, on October 19. Users in Taiwan and Korea made up more than half of the victims of this threat. Bizarro Sundown shares some features with its Sundown predecessor but added anti-analysis features. The October 19 attack also changed its URL format to closely resemble legitimate web advertisements. Both versions were used exclusively by the ShadowGate/WordsJS campaign.Read More
In the first part of this series of blog posts, we discussed what new developments and changes in the exploit kit landscape were seen in 2015. In this post, we look at the scale of the exploit kit problem – how many users were affected, which exploit kits are popular, and where are the users coming from?Read More
Threats never stand still, and exploits kits were no exception. 2015 saw multiple changes to this part of the threat landscape: freshly-discovered exploits were added, and compromised websites and malvertising were used to deploy and spread threats using exploit kits. Exploit kits were a key part of the threat landscape in 2015. In this series of posts,…Read More
When it comes to exploit kits, it’s all about the timing. Exploit kits often integrate new or zero-day exploits in the hopes of getting a larger number of victims with systems that may not be as up-to-date with their patches. We found two vulnerabilities that were now being targeted by exploit kits, with one being…Read More