Exploit kits throw Flash bash party, invite Crypt0l0cker, spam bots

Evilware rivals race to exploit the flaws stoopid folks don't fix


Criminals behind some of the most potent exploit kits, Neutrino and RIG, are ramping up attacks slinging the latest ransomware and hosing users who have not applied recent Adobe Flash patches.

The patched vulnerabilities permit code execution and allow the dangerous hacking kits to compromise user machines.

The two above-mentioned exploit kits jostle for top spot on the evilware charts, with speedy exploitation of Flash vulnerabilities giving one the edge over the other. Damage inflicted on industry also counts for plenty, while interest from authorities isn't good for business.

Neutrino is now slinging the revamped Cryptolocker 2 ransomware (known to criminals as crypt0l0cker) and variants of the Kovter malware family, exploiting Flash (CVE-2015-7645) to hit user machines.

"The campaign was just launched this morning and it has injected malicious script code into legitimate websites," Heimdal security bod Andra Zaharia says.

"This new campaign also comes with added surreptitious tricks: Google Blackhat SEO (search engine optimisation) poisoning and an immediate focus on using Flash Player vulnerabilities as a distribution vector."

The exploit kit can now determine if browsers and Flash player installs are vulnerable, and is flying below antivirus detection.

Competitor RIG is targeting Adobe titles including Flash, Reader, and Acrobat, along with Microsoft Silverlight, with its third iteration spreading through Google SEO poisoning.

More than half of Windows 7 PCs running Internet Explorer 9 are p0wned when they encounter RIG, notably via two Flash vulnerabilities (CVE-2015-5122, CVE-2015-5119).
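The kits' version fingerprinting has a defensive mirror: checking a software inventory for Flash Player installs that still sit below the release in which a given fix shipped. The script below is an added example, not code from the article or from any of the researchers it quotes. It assumes a CSV inventory with `host,product,version` columns, and the fixed-version numbers it uses are constructed placeholders; the real values for CVE-2015-5119, CVE-2015-5122 and CVE-2015-7645 must be taken from Adobe's security bulletins. It also handles the two pitfalls that make such checks fail quietly: Flash's comma-separated ActiveX version strings ("18,0,0,209") and the fact that plain string comparison ranks "18.0.0.99" above "18.0.0.209".

```python
"""Flag Flash Player installs that are below the release fixing each CVE.

Added example, not from the article. Fixed-version numbers used here are
CONSTRUCTED placeholders; take the real ones from Adobe's security bulletin.
"""
import csv
import io
import re
from typing import Dict, List, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """Parse '18.0.0.209' or Flash's ActiveX style '18,0,0,209' into a tuple.

    Tuples of ints compare numerically, so 18.0.0.209 > 18.0.0.99, which a
    plain string comparison gets wrong. Short versions are padded with zeros
    so that 18.0.0 and 18.0.0.0 compare equal.
    """
    parts = re.split(r"[.,]", text.strip())
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * max(0, 4 - len(nums))


def exposed_cves(installed: str, fixed_in: Dict[str, str]) -> List[str]:
    """Return the CVEs whose fixing release is newer than the installed version."""
    have = parse_version(installed)
    return sorted(cve for cve, fixed in fixed_in.items() if have < parse_version(fixed))


def audit_inventory(csv_text: str, fixed_in: Dict[str, str]) -> Dict[str, List[str]]:
    """Map each host running Flash Player to the CVEs it is still exposed to.

    Hosts whose version field cannot be parsed are reported as 'UNPARSEABLE'
    rather than silently skipped, since an unknown version is not a patched one.
    """
    report: Dict[str, List[str]] = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["product"] != "Adobe Flash Player":
            continue
        try:
            cves = exposed_cves(row["version"], fixed_in)
        except ValueError:
            cves = ["UNPARSEABLE"]
        if cves:
            report[row["host"]] = cves
    return report


# Constructed sample inventory; host names and versions are made up.
SAMPLE_INVENTORY = """host,product,version
ws-001,Adobe Flash Player,18.0.0.99
ws-002,Adobe Flash Player,"18,0,0,209"
ws-003,Adobe Flash Player,19.0.0.300
ws-004,Microsoft Silverlight,5.1.41212.0
ws-005,Adobe Flash Player,unknown
"""

# CONSTRUCTED fixed versions for the demo only; these are NOT Adobe's real
# fix releases. Replace them with the versions named in the relevant bulletins.
SAMPLE_FIXED_IN = {
    "CVE-2015-5119": "18.0.0.200",
    "CVE-2015-5122": "18.0.0.209",
    "CVE-2015-7645": "19.0.0.220",
}

if __name__ == "__main__":
    for host, cves in sorted(audit_inventory(SAMPLE_INVENTORY, SAMPLE_FIXED_IN).items()):
        print(f"{host}: {', '.join(cves)}")
```

With the constructed values, `ws-001` is reported against all three CVEs, `ws-002` (exactly at the CVE-2015-5122 fix level) only against CVE-2015-7645, `ws-003` is clean and drops out of the report, the Silverlight host is ignored, and `ws-005` surfaces as unparseable so someone looks at it rather than assuming it is patched.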

Cisco researchers also found a new RIG campaign, and observed that it was compromising hundreds of victims rather than the thousands normally popped in big exploit kit attacks.

Researcher Nick Biasini says it is reverting to delivering old school spam bot trojans rather than new wave ransomware.

Cisco approached Eurobyte, an implicated hosting provider, and subsequently banned the provider's IP address subnet after it did not respond to requests to take down the RIG infrastructure.

Angler, broadly regarded as the foremost among exploit kit menaces, has been on a "temporary vacation" since the end of last year, Biasini says. ®
