Disdain exploit kit and a side of social engineering deliver Neutrino Bot

Exploits may not be enough as threat actors combine them with social engineering in a new Disdain exploit kit attack method.

Exploit kits: Winter 2017 review

We take a look at the current exploit kit scene (Winter 2017) according to our telemetry and honeypots.

RIG exploit kit takes on large malvertising campaign

In the battle of exploit kits, RIG EK has earned some extra mileage by being leveraged in a high-profile malvertising attack on the popular website answers.com. The same domain shadowing campaigns that were popular in the Angler era are continuing with RIG now.

A week in security (Sep 11 – Sep 17)

A compilation of notable security news and blog posts from September 11th to September 17th. This week, we talked about DetoxCrypto ransomware, a tax fraud campaign, malvertisement on adult sites, and phishers having a bad day.

Neutrino EK’s Afraidgate pushed in malvertising attack

With a rise in malvertising attacks lately, we take a look at an ad server pushing the Afraidgate, traditionally found on compromised sites.

Exploit kit shakedown: RIG EK grabs Neutrino EK campaigns

Something unusual happened in the exploit kit ecosystem. Two well-known malware distribution campaigns switched from Neutrino EK to RIG EK. A temporary blip or a more durable change? Only time will tell.

Neutrino EK: more Flash trickery

Keeping up with twists and turns on the exploit kit scene, we examine a new redirection mechanism to Neutrino EK which adds fingerprinting way up the infection chain by crafting a special Flash file and uploading it to compromised hosts. This ensures proper filtering of undesirable traffic even before the gate to the exploit kit.

A look into Neutrino EK’s jQueryGate

In the cybercrime landscape, Exploit Kits (EKs) are the tool of choice to infect endpoints by exploiting software vulnerabilities. However, a critical component EKs rely on is web traffic, which must be directed towards them.
In this post, we take a look at what we sometimes refer to as ‘gates’. Hacked websites are injected with code that leads to an intermediary webpage, which serves as the gateway to the exploit kit.

Neutrino EK picks up momentum in recent attacks

The Neutrino developers have made some changes to the landing page source code and have integrated a new exploit. The malware campaigns that once were Angler’s continue to point to Neutrino, including a large malvertising attack on top adult sites we detected a few days ago.

Malvertising slowing down, but not out

The last high-profile malvertising activity we had seen was on June 7th, with a drive-by download incident on Yahoo that used Neutrino EK instead of Angler EK. This was rather unusual, and was later confirmed to be more than an anomaly by the switch of exploit campaigns to Neutrino precisely around that same time frame. Attacks have been scarce since then, but we just spotted the same group, confirming it is still somewhat in business.
