Collaborate Disseminate
With a rise in malvertising attacks lately, we take a look at an ad server pushing the Afraidgate, traditionally found on compromised sites.Categories: ExploitsTags: ad serverafraidgatemalvertisingneutrinoransomware(Read more…) Continue reading Neutrino EK’s Afraidgate pushed in malvertising attack
This post covers the information disclosure bugs in Internet Explorer and Edge that we sometimes refer to as ‘fingerprinting’. We review past flaws as well as a currently unpatched one used in the wild before exploring some long term mitigations.Catego… Continue reading Browser-based fingerprinting: implications and mitigations
In this article we take a look at some tricks that target Google Chrome users to dupe them with the infamous tech support scam pop ups. In particular, we examine the fake address bar and alert dialogs which people have come to trust and yet can be dece… Continue reading Tech support scams and Google Chrome tricks
Something unusual happened in the exploit kit ecosystem. Two well-known malware distribution campaigns switched from Neutrino EK to RIG EK. A temporary blip or a more durable change? Only time will tell.Categories: ExploitsTags: exploit kitsneutrinoRIG… Continue reading Exploit kit shakedown: RIG EK grabs Neutrino EK campaigns
Keeping up with twists and turns on the exploit kit scene, we examine a new redirection mechanism to Neutrino EK which adds fingerprinting way up the infection chain by crafting a special Flash file and uploading it on compromised hosts. This ensures p… Continue reading Neutrino EK: more Flash trickery
It is a little odd to see an attack making use of two different exploit kits which serves the same malware payload. In this particular malvertising case, both RIG EK and Sundown EK are used to deliver the same threat, perhaps an indication that the act… Continue reading Malvertising campaign delivers two exploit kits, same payload
In the cybercrime landscape, Exploit Kits (EKs) are the tool of choice to infect endpoints by exploiting software vulnerabilities. However, a critical component EKs rely on is web traffic, which must be directed towards them.
In this post, we take a lo… Continue reading A look into Neutrino EK’s jQueryGate
Online crooks are abusing Google’s featured snippets via compromised websites that redirect to bogus online stores. Because of their prominent placement, Blackhat SEO miscreants are extremely interested in featured snippets as they can capture a large … Continue reading Google’s featured snippets abused by SEO scammers
We’ve covered the Neutrino and Magnitude exploit kits. Now we take a look at number #3, RIG EK and the different distribution paths using packet captures collected by our honeypot. The campaigns for distribution involve malvertising and compromised sit… Continue reading A look into some RIG exploit kit campaigns
The Neutrino developers have made some changes to the landing page source code as well as integrated a new exploit. The malware campaigns that once were Angler’s continue to point to Neutrino including a large malvertising attack on top adult sites we … Continue reading Neutrino EK picks up momentum in recent attacks