Terror Exploit Kit Evolves Into Larger Threat

The relatively new Terror exploit kit is bucking the downward trend in the EK market, and is steadily evolving into more of a threat. Researchers at Cisco Talos said Terror has abandoned an early strategy that included “carpet-bombing” a target’s browser to one that now uses exploits that precise...

Terror Evolved: Exploit Kit Matures

This post is authored by Holger Unterbrink and Emmanuel Tacheau Executive SummaryTalos is monitoring the major Exploit KitsEK on an ongoing basis. While investigating the changes we recently observed in the RIG EK campaigns, we identified another well known candidate: Terror Exploit Kit.Terror EK...

Terror Exploit Kit URL Pattern

Terror exploit kit, is a web exploit kit that operates by delivering malicious payload to the victim's computer. Remote attackers can infect users with Terror exploit kit by enticing them to visit a malicious web page. Successful infection will allow the attacker to perform Remote Code Execution ...

Pawn Storm – A Look Into this Cyberespionage Actor Group

In April 2017 my monthly threat webinar focused on a cyberespionage group our Forward-Looking Threat Researcher, Feike Hacquebord, has been following for many years and recently published a report into the most recent two years of activities. In this post I want to focus on their tools and tactic...

Blackmoon Banking Trojan Using New Infection Technique

New clues have surfaced on how the Blackmoon banking Trojan is infecting its victims using a new framework to deliver the malware. “We noticed recent campaigns two weeks ago where Blackmoon had shifted its infection strategy and is now utilizing a unique and interesting technique,” said Hardik...

Terror Exploit Kit

Terror exploit kit, is a web exploit kit that operates by delivering malicious payload to the victim's computer. Remote attackers can infect users with Terror exploit kit by enticing them to visit a malicious web page. Successful infection will allow the attacker to perform Remote Code Execution ...

KaiXin Exploit Kit

KaiXin exploit kit is a web exploit kit that operates by delivering malicious payload to the victim's computer. Remote attackers can infect users with KaiXin exploit kit by enticing them to visit a malicious web page. Successful infection will allow the attacker to perform Remote Code Execution o...

Neptune Exploit Kit

Neptune exploit kit is a web exploit kit that operates by delivering malicious payload to the victim's computer. Remote attackers can infect users with Neptune exploit kit by enticing them to visit a malicious web page. Successful infection will allow the attacker to perform Remote Code Execution...

Suspicious Decimal IP Redirect

Many exploit kits, when connecting to HTTP servers for malware download, use a non-dotted decimal IP literal as the server name. Using such notation may be indicative of malware download...

CVE-2017-0143

The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka...

Still Getting Served: A Look at Recent Malvertising Campaigns Involving Exploit Kits

Malvertising occurs when an online advertising network knowingly or unknowingly serves up malicious advertisements on a website. Malvertisements are a type of “drive-by” threat that tend to result in users being infected with malware for simply visiting a website. The victims of this threat are...

CryptoShield Infections from RIG EK Picking Up

The RIG Exploit Kit remains fairly active despite an overall decline in such activity, and of late, it’s been spreading a fairly new variant of ransomware called CryptoShield. The main culprit is an attack group known for using EITest to deliver malware; it has been infecting victims’ machines vi...

Two New Edge Exploits Integrated into Sundown Exploit Kit

Six months of relative quiet around exploit kits recently changed when a public proof-of-concept attack disclosed by a Texas startup was integrated into the Sundown Exploit Kit. The proof-of-concept exploit was developed by Theori, a research and development firm in Austin, which opened its doors...

Vermont Grid 'Hack' Latest Tumble Down Attribution Rabbit Hole

A Vermont utility was for a brief moment last week at the center of a geopolitical scandal in which the Russian government was implicated in an attack against a U.S. electric grid. As it turns out, a laptop at Burlington Electric Department was infected with the Neutrino Exploit Kit. There was no...

No slowdown in Cerber ransomware activity as 2016 draws to a close

Note: Read our latest comprehensive report on ransomware: Ransomware 1H 2017 review: Global outbreaks reinforce the value of security hygiene. As everybody else winds down for the holidays, the cybercriminals behind Cerber are busy ramping up their operations. Following our discovery of a spam...

DNSChanger Malware is Back! Hijacking Routers to Target Every Connected Device

Next time when you see an advertisement of your favorite pair of shoes on any website, even if it is legitimate, just DO NOT CLICK ON IT. …Because that advertising could infect you in such a way that not just your system, but every device connected to your network would get affected. A few days...

DNSChanger Exploit Kit Hijacks Routers, Not Browsers

Attackers are targeting more than 166 router models with an exploit kit called DNSChanger that is being distributed via malvertising. Researchers at Proofpoint said the exploit kit is unique because the malvertising component of the attack doesn’t target browsers, rather a victim’s router. Some o...

Zeus Variant 'Floki Bot' Targets PoS Data

Researchers have observed an uptick in attacks using the banking malware Floki Bot against U.S., Canadian and Brazilian banks, and insurance firms. Floki Bot, which uses code from the once notorious Zeus banking Trojan, has evolved and unlike its predecessor, is targeting point-of-sale systems vi...

Hacking Millions with Just an Image — Recipe: Pixels, Ads & Exploit Kit

If you have visited any popular mainstream website over the past two months, your computer may have been infected — Thanks to a new exploit kit discovered by security researchers. Researchers from antivirus provider ESET released a report on Tuesday stating that they have discovered an exploit ki...

TrickBot Banking Trojan Adds New Browser Manipulation Tools

The TrickBot banking Trojan, a close relative to Dyre, has a growing target list and new browser manipulation techniques, experts at IBM X-Force said. “We expect to see it amplify infection campaigns and fraud attacks, sharpen its aim on business and corporate accounts,” wrote Limor Kessem,...