Jérôme Segura
Lead Malware Intelligence Analyst

Security researcher with a focus on malvertising, exploits, and scams.

August 3, 2016 - In the cybercrime landscape, Exploit Kits (EKs) are the tool of choice for infecting endpoints by exploiting software vulnerabilities. However, a critical component EKs rely on is web traffic, which must be directed towards them. In this post, we take a look at what we sometimes refer to as 'gates': hacked websites injected with code that sends visitors to an intermediary webpage, which in turn serves as the gateway to the exploit kit.


August 1, 2016 - Online crooks are abusing Google's featured snippets via compromised websites that redirect to bogus online stores. Because of their prominent placement, Blackhat SEO miscreants are extremely interested in featured snippets, as these can capture a large amount of traffic and redirect it to any site of their choosing.


July 26, 2016 - We've covered the Neutrino and Magnitude exploit kits. Now we take a look at number three, RIG EK, and its different distribution paths, using packet captures collected by our honeypot. The distribution campaigns involve malvertising and compromised sites (much like all other EKs), but there is notable diversity in the many different ways RIG EK is being loaded and in the types of payloads it is serving.


July 19, 2016 - For months we have been tracking a malvertising campaign distributing the Cerber ransomware, linked to the actor behind the Magnitude exploit kit. Despite a global slowdown in exploit kit activity, this particular distribution channel has remained active and strong. In this post we take a look at some past and present indicators of compromise that show how fake identities remain an effective way to defeat ad platforms' security checks.


July 15, 2016 - The Neutrino developers have made some changes to the landing page source code and integrated a new exploit. The malware campaigns that once belonged to Angler continue to point to Neutrino, including a large malvertising attack on top adult sites that we detected a few days ago.
