The website for Just For Men, a company that sells various products for men, had their website breached and was serving a password stealing Trojan. The malicious code embedded in the WordPress site was part of the EITest campaign and pushed the RIG exploit kit.
Keeping up with twists and turns on the exploit kit scene, we examine a new redirection mechanism to Neutrino EK which adds fingerprinting way up the infection chain by crafting a special Flash file and uploading it on compromised hosts. This ensures proper filtering of non desirable traffic even before the gate to the exploit kit.
The Neutrino developers have made some changes to the landing page source code as well as integrated a new exploit. The malware campaigns that once were Angler’s continue to point to Neutrino including a large malvertising attack on top adult sites we detected a few days ago.
A new wave of compromised sites pushes Nuclear exploit kit.