March 21, 2017 - This new malvertising campaign on adult websites was pushing the Ramnit information stealer.
March 9, 2017 - We take a look at the current exploit kit scene (Winter 2017) according to our telemetry and honeypots.
January 31, 2017 - Behind compromised sites or malvertising, you will often find trails that can take you back years and see how infection chains evolved, or didn't, over time.
November 30, 2016 - A new zero-day has been found in the wild and was used against the popular Tor Browser. This exploit was meant to leak information about users, such as their IP address.
October 17, 2016 - In this post we take a quick glance at some changes made to the Sundown exploit kit. The landing page has been tweaked and uses various obfuscation techniques. Sundown is used in some smaller campaigns and in this particular case dropped a downloader followed by a banking Trojan.
August 15, 2016 - Something unusual happened in the exploit kit ecosystem. Two well-known malware distribution campaigns switched from Neutrino EK to RIG EK. A temporary blip or a more durable change? Only time will tell.
August 12, 2016 - Keeping up with twists and turns on the exploit kit scene, we examine a new redirection mechanism to Neutrino EK which adds fingerprinting way up the infection chain by crafting a special Flash file and uploading it on compromised hosts. This ensures proper filtering of non desirable traffic even before the gate to the exploit kit.
August 3, 2016 - In the cybercrime landscape, Exploit Kits (EKs) are the tool of choice to infect endpoints by exploiting software vulnerabilities. However, a critical component EKs rely on is web traffic, which must be directed towards them. In this post, we take a look at what we sometimes refer to as 'gates'. Hacked websites are injected with code to an intermediary webpage that serves as the gateway to the exploit kit.
July 26, 2016 - We've covered the Neutrino and Magnitude exploit kits. Now we take a look at number #3, RIG EK and the different distribution paths using packet captures collected by our honeypot. The campaigns for distribution involve malvertising and compromised sites (much like all other EKs) but there is a notable diversity in how many different ways RIG EK is being loaded and the type of payloads it is serving.
June 17, 2016 - For those tracking exploit kits, the disappearance of the Angler exploit kit last week was a major event. While a lot of questions remain, several clues pointed out that this was no ordinary break, and that something deeper was likely going on. After about ten days without Angler EK, we take a look at the exploit kit landscape.