Partner Perspectives  Connecting marketers to our tech communities.
SPONSORED BY
3/28/2017
11:00 AM
Connect Directly
Twitter
RSS
50%
50%

Exploit Kits: Winter 2017 Review

We take another look at the current EK scene by going over RIG, Sundown, Neutrino and Magnitude.

A few months have passed since our Fall 2016 review of the most common exploit kits in our telemetry and honeypots.  Since then, there haven’t been any major changes. Exploit kit-related infections remain low compared to those via malicious spam. This is in part due to the lack of fresh and reliable exploits in today’s drive-by landscape.

Pseudo-Darkleech and EITest are the most popular redirection campaigns from compromised websites. They refer to code that is injected into – for the most part – WordPress, Joomla and Drupal websites, and automatically redirects visitors to an exploit kit landing page.

Malvertising campaigns keep fueling redirections to exploit kits as well, but can greatly vary in size and impact. The daily malverts from shady ad networks continue unchanged, while the larger attacks going after top ad networks and publishers come in waves.

In the following video, we do a quick overview of those exploit kits; if you are interested in the more technical details please visit Malwarebytes Labs for additional information on each of them.

Jérôme Segura is a senior security researcher at Malwarebytes Labs where his duties range fromstudying web exploits to tracking down online scammers. He spent over five years cleaning malware offpersonal computers using existing tools and writing his own ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Is Threat Intelligence Garbage?
Chris McDaniels, Chief Information Security Officer of Mosaic451,  5/23/2018
More Than Half of Users Reuse Passwords
Curtis Franklin Jr., Senior Editor at Dark Reading,  5/24/2018
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
Malwarebytes protects businesses against malicious threats that escape detection by traditional antivirus solutions. Malwarebytes Anti-Malware, the companys flagship product, has a highly advanced heuristic detection engine that has removed more than five billion malicious threats from computers worldwide. SMBs and enterprise businesses worldwide trust Malwarebytes to protect their data. Founded in 2008, the company is headquartered in California with offices in Europe, and a global team of researchers and experts. For more information, please visit us at www.malwarebytes.com/business.
Featured Writers
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-14185
PUBLISHED: 2018-05-25
An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8 and 5.2 all versions allows SSL VPN web portal users to access internal FortiOS configuration information (eg:addresses) via specifically crafted URLs inside the SSL-VPN web portal.
CVE-2018-8862
PUBLISHED: 2018-05-25
In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, an improper authentication vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger false alarms.
CVE-2018-8864
PUBLISHED: 2018-05-25
In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, a missing encryption of sensitive data vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger false alarms.
CVE-2018-8871
PUBLISHED: 2018-05-25
In Delta Electronics Automation TPEditor version 1.89 or prior, parsing a malformed program file may cause heap-based buffer overflow vulnerability, which may allow remote code execution.
CVE-2017-9641
PUBLISHED: 2018-05-25
PI Coresight 2016 R2 contains a cross-site request forgery vulnerability that may allow access to the PI system. OSIsoft recommends that users upgrade to PI Vision 2017 or greater to mitigate this vulnerability.