Jérôme Segura
Lead Malware Intelligence Analyst

Security researcher with a focus on malvertising, exploits, and scams. French; appreciates wine, bread, and cheese.

July 4, 2016 - The last high-profile malvertising activity we had seen was on June 7th, with a drive-by download incident on Yahoo that used Neutrino EK instead of Angler EK. This was unusual at the time, and the switch of exploit campaigns to Neutrino around that same time frame later confirmed it was not just an anomaly. Attacks have been scarce since then, but we just spotted the same group, confirming it is still somewhat in business.


June 28, 2016 - Since the disappearance of Angler EK, exploit kit activity is at one of its lowest levels in a long time. The focus is therefore on Neutrino EK, which has somewhat picked up the pieces, although at a much lower rate. In this post we look at a change recently noticed in the Flash exploit Neutrino uses, which now includes fingerprinting of the user's machine.


June 17, 2016 - For those tracking exploit kits, the disappearance of the Angler exploit kit last week was a major event. While many questions remain, several clues indicated that this was no ordinary break and that something deeper was likely going on. After about ten days without Angler EK, we take a look at the exploit kit landscape.


June 10, 2016 - In the past week, the Angler EK has almost completely disappeared. Instead, we see Neutrino EK take center stage in various attacks.


June 6, 2016 - Malvertising isn't only used to infect users via drive-by downloads or to deceitfully push fake software updates. A campaign currently going on via the TrafficHolder adult ad platform leverages the promise of raunchy videos to lure people into ad fraud. The trick is simple and yet effective. While browsing, users are automatically redirected to what appears to be YouTube for adult content.
