Exploit Kits: Winter 2017 Review

We take another look at the current EK scene by going over RIG, Sundown, Neutrino and Magnitude.

Jerome Segura, Lead Malware Intelligence Analyst, Malwarebytes, Contributor

March 28, 2017

1 Min Read
Dark Reading logo in a gray background | Dark Reading

A few months have passed since our Fall 2016 review of the most common exploit kits in our telemetry and honeypots.  Since then, there haven’t been any major changes. Exploit kit-related infections remain low compared to those via malicious spam. This is in part due to the lack of fresh and reliable exploits in today’s drive-by landscape.

Pseudo-Darkleech and EITest are the most popular redirection campaigns from compromised websites. They refer to code that is injected into – for the most part – WordPress, Joomla and Drupal websites, and automatically redirects visitors to an exploit kit landing page.

Malvertising campaigns keep fueling redirections to exploit kits as well, but can greatly vary in size and impact. The daily malverts from shady ad networks continue unchanged, while the larger attacks going after top ad networks and publishers come in waves.

In the following video, we do a quick overview of those exploit kits; if you are interested in the more technical details please visit Malwarebytes Labs for additional information on each of them.

About the Author

Jerome Segura, Lead Malware Intelligence Analyst, Malwarebytes

Jerome Segura, Lead Malware Intelligence Analyst, Malwarebytes

Contributor

Jérôme Segura is a senior security researcher at Malwarebytes Labs where his duties range fromstudying web exploits to tracking down online scammers. He spent over five years cleaning malware offpersonal computers using existing tools and writing his own signatures. At the same time, he developed his own system for catching drive-by downloads, which eventually led to a URL blacklist service. In more recent years, he assisted website owners by removing malware from their WordPress or Joomla sites as well as securing their servers from further infections. He is a regular contributor to Malwarebytes Unpacked, the company's security blog.

See more from Jerome Segura, Lead Malware Intelligence Analyst, Malwarebytes
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Subscribe

You May Also Like

More Insights
Webinars
More Webinars

Editor's Choice

A woman sitting at a laptop and holding a mobile device, the screens of both displaying a green check mark in a circle
Cyberattacks & Data Breaches
Researchers Crack Microsoft Azure MFA in an HourResearchers Crack Microsoft Azure MFA in an Hour
byElizabeth Montalbano, Contributing Writer
Dec 11, 2024
4 Min Read
The words "zero-day" written in a line of code on a computer screen
Application Security
Microsoft NTLM Zero-Day to Remain Unpatched Until AprilMicrosoft NTLM Zero-Day to Remain Unpatched Until April
byJai Vijayan, Contributing Writer
Dec 9, 2024
3 Min Read
A patchwork quilt
Application Security
Actively Exploited Zero-Day, Critical RCEs Lead Microsoft Patch TuesdayMicrosoft Fixes Active Zero-Day, Critical RCEs on Patch Tuesday
byTara Seals, Managing Editor, News, Dark Reading
Dec 10, 2024
5 Min Read
Reports
More Reports
Webinars
More Webinars
White Papers
More Whitepapers