HackDig : Dig high-quality web security articles for hackers

Lurk: Retracing the Group’s Five-Year Campaign

by Fyodor Yarochkin and Vladimir Kropotov (Senior Threat Researchers)
Fileless infections are exactly what their name says: infections that don’t involve malicious files being downloaded or written to the system’s disk. While fileless infections are not necessarily new or rare, they present a serious threat to enterprises and end users
Publish At:2017-02-07 00:35 | Read:6232 | Comments:0 | Tags:Bad Sites Exploits Malware Angler Fileless Infection Lurk XX

RIG Exploit Kit Begins Distributing CrypMic Ransomware After ShadowGate Takedown

On June 7, 2016, the Angler exploit kit suddenly disappeared. It’s unclear exactly what led to Angler’s demise, but all reports indicate the exploit kit shut down after Russian authorities arrested 50 members of a hacker group that developed the Lurk malware along with Angler. So, what did the exploit kit world do in response? It did what it al
Publish At:2016-09-22 19:30 | Read:5112 | Comments:0 | Tags:Cyber Security Featured Articles Angler botnet Exploit Kit N

Neutrino Exploit Kit Fills In For Angler EK In Recent Malvertising Campaigns

We have seen an uptick in drive-by downloads via the Neutrino exploit kit in the past few days. This holds across various paths to infection and is also confirmed by others such as Brad Duncan, who saw Neutrino deliver CryptXXX via the pseudo-Darkleech and EITest campaigns. Case in point, the recent large malvertising campaigns we wrote about are still g
Publish At:2016-06-11 18:15 | Read:5224 | Comments:0 | Tags:Exploits Angler domain shadowing malvertising neutrino ranso

New Wave of Malvertising Leverages Latest Flash Exploit

A well known malvertising gang famous for its use of the fingerprinting technique and other evasion tricks to bypass security checks has been ramping up its activity against many different ad platforms to push malware via top websites. The setup for these malvertising attacks relies on a combination of techniques that start with the fraudulent advertiser cho
Publish At:2016-05-25 23:50 | Read:3974 | Comments:0 | Tags:Cybercrime Exploits Angler CVE-2016-4117 domain shadowing ex

Website For French Cinema Chain Gets Hacked, Serves CryptXXX Ransomware

Pathé, a major French film production and distribution company is serving ransomware via one of its websites, pathe[.]fr. The film company has a rich history that predates Universal Studios and Paramount Pictures, and is famous for inventing the newsreel in 1908. We detected that their server hosting pathe[.]fr was compromised with malicious code embedded in
Publish At:2016-05-13 01:35 | Read:4004 | Comments:0 | Tags:Exploits Angler cinema cryptxxx pathe ransomware

Top Chilean News Website Emol Pushes Angler Exploit Kit

Emol.com (El Mercurio On-Line) is a very popular information portal, ranked the 5th most visited site in Chile. El Mercurio is a conservative Chilean newspaper with a troubled past, including funding from the CIA in the early 1970s to undermine the Socialist government of Salvador Allende. In more recent times, Emol was serving a malicious advert that automatical
Publish At:2016-05-12 07:20 | Read:3939 | Comments:0 | Tags:Exploits Threat analysis Angler emol malvertising exploit

CBS-affiliated Television Stations Expose Visitors to Angler Exploit Kit

A rogue advertiser managed to subvert the Taggify self-serve ad platform to push the Angler exploit kit to unsuspecting visitors of two CBS-affiliated TV stations: KMOV in St. Louis and WBTV in Charlotte, North Carolina. This malvertising attack leveraged a familiar technique of hijacking GoDaddy accounts to create various s
Publish At:2016-05-04 16:50 | Read:4586 | Comments:0 | Tags:Exploits Threat analysis Angler kmov malvertising rtbfy tagg

Toymaker’s website pushes ransomware that holds visitors’ files hostage

The website belonging to Maisto International, a popular maker of remote-controlled toy vehicles, has been caught pushing ransomware that holds visitors' files hostage until they pay a hefty fee. Malicious files provided by the Angler exploit kit were hosted directly on the homepage of Maisto[.]com, according to antivirus provider Malwarebytes. The attack cod
Publish At:2016-04-29 12:40 | Read:4561 | Comments:0 | Tags:Law & Disorder Risk Assessment Technology Lab Uncategorized

Toy Maker Maisto Unwittingly Serves Up CryptXXX Ransomware

The website of popular American brand Maisto, known for miniature and radio-controlled toy vehicles, was caught pushing the Angler exploit kit eventually leading to ransomware infections. According to website security company Sucuri, maisto[.]com is running on a Microsoft IIS server and showing an outdated version of the Joomla Content Management System, the
Publish At:2016-04-29 09:05 | Read:4363 | Comments:0 | Tags:Exploits Threat analysis Angler Bedep cryptxxx ransomware

Fake Social Button Plugin Redirects to Angler EK

Compromised websites remain one of the surefire ways to redirect innocent visitors to exploit kits. During the past few days we’ve started seeing an unusual route to the infamous Angler EK, notorious for leveraging hacked WordPress and Joomla CMSs. This wasn’t via the common EITest or Darkleech paths, nor was it a direct injection of the landing
Publish At:2016-04-21 00:20 | Read:3269 | Comments:0 | Tags:Exploits Malwarebytes news Angler Bedep socialbutton

Top Australian Classifieds Site Serves Malware In Malvertising Attack

Gumtree is a free classified advertising site and subsidiary of eBay, particularly popular in the UK, Australia, and South Africa. Gumtree is the number one local classifieds site in Australia with 47.8M monthly visits* and was recently affected by a malvertising attack. Threat actors hacked the account of an Australian legal firm called Concisus Legal to create a l
Publish At:2016-03-25 18:45 | Read:3442 | Comments:0 | Tags:Malvertising angler domain shadowing malvertising
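The CBS-affiliate and Gumtree entries above both describe domain shadowing: a hijacked registrar account is used to add rogue subdomains under a legitimate registrant's domain, and those subdomains resolve to attacker-controlled hosts rather than to the registrant's own hosting. The following is an added triage example, not code from any of the articles listed here. It assumes a feed of newly observed subdomains (for instance from passive DNS) and a small inventory of the parent domain's known hosts; the domain name, hostnames and addresses are constructed sample data (RFC 5737 documentation ranges), and the "random-looking label" heuristic is a generic one, not a rule taken from any of the articles.

```python
"""Added example: flag likely shadow subdomains by comparing newly observed
records against a parent domain's known hosting. Sample data is constructed."""

import ipaddress
from collections import defaultdict

# Constructed inventory of the parent domain's legitimate hosts (hypothetical
# domain, RFC 5737 documentation addresses; not real DNS records).
KNOWN_GOOD = {
    "example-law.com": {"203.0.113.10"},
    "www.example-law.com": {"203.0.113.10"},
    "mail.example-law.com": {"203.0.113.25"},
}

# Constructed sample of newly observed subdomains: (fqdn, A record, first seen).
NEW_RECORDS = [
    ("a8f3k2.example-law.com", "198.51.100.77", "2016-03-20"),
    ("q1x9zz.example-law.com", "198.51.100.78", "2016-03-20"),
    ("cdn.example-law.com", "203.0.113.11", "2016-03-18"),
    ("blog.example-law.com", "203.0.113.10", "2016-03-01"),
]


def parent_domain(fqdn):
    """Return the registrable parent (last two labels).

    Assumes simple TLDs; for ccTLD second-level domains such as co.uk a
    public-suffix list would be needed instead."""
    labels = fqdn.rstrip(".").split(".")
    return ".".join(labels[-2:])


def known_networks(known_good, prefix_len=24):
    """Collapse each parent domain's known-good IPs into /prefix_len networks,
    so a new host on the same hosting block is not treated as foreign."""
    nets = defaultdict(set)
    for host, ips in known_good.items():
        for ip in ips:
            net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
            nets[parent_domain(host)].add(net)
    return nets


def is_random_label(label, min_len=6):
    """Generic heuristic (an assumption, not from the articles): shadow
    subdomains are frequently short machine-generated alphanumerics."""
    if len(label) < min_len:
        return False
    digits = sum(c.isdigit() for c in label)
    vowels = sum(c in "aeiou" for c in label)
    return digits >= 2 or vowels == 0


def find_shadow_candidates(new_records, known_good):
    """Return (fqdn, ip, first_seen, reasons) for records worth a closer look."""
    nets = known_networks(known_good)
    findings = []
    for fqdn, ip, first_seen in new_records:
        if fqdn in known_good:
            continue
        parent = parent_domain(fqdn)
        addr = ipaddress.ip_address(ip)
        off_net = not any(addr in n for n in nets.get(parent, ()))
        label = fqdn[: -len(parent) - 1]
        reasons = []
        if off_net:
            reasons.append("resolves outside parent's known netblocks")
        if is_random_label(label):
            reasons.append("random-looking label")
        if reasons:
            findings.append((fqdn, ip, first_seen, reasons))
    return findings


if __name__ == "__main__":
    for fqdn, ip, seen, reasons in find_shadow_candidates(NEW_RECORDS, KNOWN_GOOD):
        print(f"{seen} {fqdn} -> {ip}: {'; '.join(reasons)}")
```

On the sample data the two machine-looking subdomains pointing at a foreign block are flagged, while the new but on-net hosts are not. The off-net test is the stronger signal; the label heuristic on its own produces false positives for legitimate hashed hostnames, so it is best used to rank rather than to decide.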

Certified Ethical Hacker website caught spreading crypto ransomware

For the past four days, including during the hour that this post was being prepared on Thursday morning, a major security certification organization has been spreading TeslaCrypt malware—despite repeated warnings from outside researchers. EC-Council, the Albuquerque, New Mexico-based professional organization that administers the Certified Ethical Hacker prog
Publish At:2016-03-25 04:10 | Read:3953 | Comments:0 | Tags:Law & Disorder Risk Assessment Technology Lab Uncategorized

Canadian Hospital Serves Ransomware Via Hacked Website

Ransomware attacks have made a lot of headlines in the past year with several high-profile cases, including that of the hospital in Los Angeles which had its data encrypted and ended up paying the ransom to get it back. Recently, the Ottawa hospital in Canada was also hit but was able to contain the ransomware attack. We discovered the website of another Canadian
Publish At:2016-03-21 23:55 | Read:3427 | Comments:0 | Tags:Security Threat angler CMS ransomware

Angler EK – A Bromium Discussion

Disruptive attacks against individuals and organizations are rapidly rising, as was noted in recent security reports (Mandiant, A FireEye Company, 2016). As an example, ransomware has been a big problem. As we look at customer security alerts we note that ransomware could have been a problem for our clients as well. Thus, we decided to compare a typical app
Publish At:2016-03-09 15:30 | Read:4170 | Comments:0 | Tags:Angler TeslaCrypt EKs Protection Detection

Bedep Lurking in Angler’s Shadows

This post is authored by Nick Biasini. In October 2015, Talos released our detailed investigation of the Angler Exploit Kit, which outlined the infrastructure and monetary impact of an exploit kit campaign delivering ransomware. During the investigation we found that two thirds of Angler’s payloads were some variation of ransomware and noted one of the o
Publish At:2016-02-09 17:00 | Read:3383 | Comments:0 | Tags:Threat Research 0-day Adobe Flash angler Bedep Talos Threat
