HackDig : Dig high-quality web security articles for hackers

RIG Exploit Kit Begins Distributing CrypMic Ransomware After ShadowGate Takedown

On June 7, 2016, the Angler exploit kit all of a sudden disappeared. It’s unclear exactly what led to Angler’s demise, but all reports indicate the exploit kit shut down after Russian authorities arrested 50 members of a hacker group that developed Lurk malware along with Angler. So, what did the exploit kit world do in response? It did what it al
Publish At:2016-09-22 19:30 | Read:5349 | Comments:0 | Tags:Cyber Security Featured Articles Angler botnet Exploit Kit N

Neutrino Exploit Kit Fills In For Angler EK In Recent Malvertising Campaigns

We have seen an uptick in drive-by downloads via the Neutrino exploit kit in the past few days. In fact, this is true for various paths to infection and also confirmed by others such as Brad Duncan who saw Neutrino deliver CryptXXX via the pseudo-Darkleech and EITest campaigns. Case in point, the recent large malvertising campaigns we wrote about are still g
Publish At:2016-06-11 18:15 | Read:5435 | Comments:0 | Tags:Exploits Angler domain shadowing malvertising neutrino ranso

A Look At A Neutrino EK Distributor

We’ve spotted a distribution channel for the Neutrino exploit kit which starts with malicious iframe injections. Digging a little more, we found what appears to be an infrastructure set up to handle traffic from multiple geolocations, much like a Traffic Distribution System (TDS). Initially, there was no intermediary between compromised sites and the T
Publish At:2016-04-06 21:35 | Read:4126 | Comments:0 | Tags:Exploits EK exploit neutrino

New Neutrino EK Campaign Drops Andromeda

On October 15th, we started seeing a new pattern of redirections to the Neutrino Exploit Kit via compromised websites. What actually caught our attention was one of the file names used to inject an iframe pointing to the exploit kit landing page. Ironically, it was called neitrino.php. We initially thought that this was a rookie mistake and a dead giveaway f
Publish At:2015-10-18 20:50 | Read:4244 | Comments:0 | Tags:Exploits andromeda exploit kit neutrino

Malvertising campaign targeted the Forbes Website, million users at risk

Security researchers at FireEye have uncovered a new malvertising campaign that exploited the popular Forbes.com news website. Security experts at FireEye have uncovered a new malvertising campaign that exploited the popular Forbes.com news website. The malvertising campaign was discovered earlier this month, according to the
Publish At:2015-09-23 12:20 | Read:3301 | Comments:0 | Tags:Cyber Crime Angler Cybercrime Exploit kits malvertising Neut

Revisiting The Bunitu Trojan

This post describes the infection process of the latest version of the Bunitu Proxy Trojan as seen delivered by the Neutrino Exploit Kit via a malvertising campaign. We will start from a high-level overview of the issue and used elements. Then, we will dive deeper in the used techniques of hiding and obfuscating the modules. What is Bunitu Proxy and why is i
Publish At:2015-07-14 07:00 | Read:5467 | Comments:0 | Tags:Malware Analysis exploit exploit kit neutrino trojan

Hacking Team Flash Zero-Day Integrated Into Exploit Kits

Feedback from the Trend Micro™ Smart Protection Network™ has allowed us to learn that the Angler Exploit Kit and Nuclear Exploit Pack have been updated to include the recent Hacking Team Flash zero-day. In addition, Kafeine said, Neutrino Exploit Kit also has included this zero-day. The existence of this particular vulnerability was just leaked from Hacking
Publish At:2015-07-08 09:05 | Read:4318 | Comments:0 | Tags:Exploits Malware Vulnerabilities adobe flash Angler exploit

Xtube Exploit led to Cryptowall Malware

We wrote about the adult site xtube.com being compromised, redirecting visitors to a landing page for the Neutrino Exploit Kit last week on the Malwarebytes Unpacked blog. The malware that dropped from the exploit was found here and was called xtube.exe. This file was a .NET assembly, which was cleaned up using de4dot, a popular .NET deobfuscator. Using ILsp
Publish At:2015-04-02 02:40 | Read:4443 | Comments:0 | Tags:Malware Analysis cryptowall exploit neutrino xtube

Sneaky Redirect to Exploit Kit

While I was testing a Pinpoint update, I found a sneaky method to redirect unsuspecting users to Neutrino EK. This one was interesting to me so I thought I would document it here. Here’s the website I visited…looks suspicious already: There was a reference to an external Javascript file: The file is obfuscated Javascript which is a red flag:
Publish At:2014-08-10 15:11 | Read:4478 | Comments:0 | Tags:Exploit Packs Malscript actionscript exploit kit flash neutr

Box.php Fraud Kit

I’ve been researching that fake Adobe Flash update and Neutrino EK redirect that other fine researchers have been writing about: blog.spiderlabs.com/2014/01/beware-bats-hide-in-your-jquery-.html blog.sucuri.net/2014/01/website-mesh-networks-distributing-malware.html www.f-secure.com/weblog/archives/00002659.html blog.malwarebytes.org/online-security/20
Publish At:2014-08-10 15:11 | Read:7212 | Comments:0 | Tags:Exploit Packs Malscript fraud neutrino nuclear social engine