A black hat trouble maker appears to have released recent source code for one of the most popular exploit kits, malware-probers say.
The dump was posted online by a user known as (@EkMustDie) before it was removed.
The leaker appears to have previously tried to sell access to the exploit kit.
Independent malware investigators including UK hacker known as MalwareTech (@MalwareTechBlog) and French bod Kaffeine (@kafeine) discovered the source code being slung on HackForums by the apparent former reseller of the exploit kit.
MalwareTechBlog uploaded a copy of RIG exploit pack which did not include functioning exploits that required access to backend servers.
It is thought that a hacker with access to RIG's panel could be replacing the exploit kit payload with the CryptoWall ransomware, a claim Kafeine said resonated with RIG's unsavoury customers.
According to a post by the leaker RIG targeted vulnerabilities in Java (CVE-2012-0507 and CVE-2013-2465), Internet Explorer 7 to 10 (CVE-2013-2551 and CVE-2013-0322), Adobe Flash (CVE-2014-0497 and CVE-2015-0311), and Microsoft Silverlight (CVE-2013-0074).
It exploited an Internet Explorer hole (CVE-2013-7331) to detect installed security tools, software, and virtual machines possibly run by researchers.
The leak comes as Cisco reported ransomware criminals had dropped some exploits and instead relied on exploit kits like RIG and Angler to do the heavy lifting. ®