Which Is the Most Popular Exploit Kit in 2016?

Changes in the exploit kit market indicate that RIG is currently the most deployed EK service. Apparently, RIG is taking the place of Neutrino. Since the death of Angler, the two exploit kits have been battling for the lead position on the malware market. However, RIG is currently on top, as evidenced by the number and intensity of malvertising campaigns.

According to multiple security vendors such as Malwarebytes, Cisco Talos, and Heimdal Security, attacks involving the RIG EK have increased.

Related: Nuclear EK Is Dead!

Malwarebytes researchers have observed a malvertising incident on the popular website answers.com which has about 2 million visits daily. The scenario was very similar to both Angler and Neutrino but it was in fact RIG doing the work. It used the domain shadowing technique and the HTTPS open redirector from Rocket Fuel.

Is RIG Replacing Neutrino?

In early September we [Malwarebytes] noticed a change in how RIG drops its malware payload. Rather than using the iexplore.exe process, we spotted instances where wscript.exe was the parent process of the dropped binary. This may seem like a minor difference, but it has been Neutrino’s trademark for a long time and used as a way to bypass certain proxies.

Another indication that RIG has taken over the exploit kit market is the payload seen in several operations: the CrypMIC ransomware, which was previously dropped by Neutrino.
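As an added example (not code from the article or from Malwarebytes), the parent-process observation above can be turned into a simple check over process-creation telemetry: a browser launching a script host, or an executable in a user-writable path spawned by wscript.exe or iexplore.exe, is worth an alert. The Sysmon-style field names, the paths and the sample events below are constructed assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed Sysmon EventID 1-style process-creation events, one per line.
SAMPLE_EVENTS = """\
Image=C:\\Windows\\System32\\wscript.exe ParentImage=C:\\Program Files\\Internet Explorer\\iexplore.exe
Image=C:\\Users\\alice\\AppData\\Local\\Temp\\rad3F2A1.tmp.exe ParentImage=C:\\Windows\\System32\\wscript.exe
Image=C:\\Users\\alice\\AppData\\Local\\Temp\\update.exe ParentImage=C:\\Program Files\\Internet Explorer\\iexplore.exe
Image=C:\\Windows\\System32\\notepad.exe ParentImage=C:\\Windows\\explorer.exe
Image=C:\\Users\\alice\\AppData\\Local\\Temp\\setup.exe ParentImage=C:\\Windows\\explorer.exe
"""

# Parents the article associates with RIG/Neutrino payload drops (assumed list).
SUSPECT_PARENTS = {"wscript.exe", "iexplore.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
# Locations a drive-by payload typically lands in (assumed list).
USER_WRITABLE = re.compile(r"\\(AppData\\Local\\Temp|ProgramData|Downloads)\\", re.IGNORECASE)


@dataclass
class Alert:
    image: str
    parent: str
    reason: str


def parse_event(line: str) -> Dict[str, str]:
    """Split 'Key=Value' pairs; values may contain spaces, keys may not."""
    return dict(re.findall(r"(\w+)=(.*?)(?=\s+\w+=|$)", line.strip()))


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def is_suspicious(image: str, parent: str) -> Optional[str]:
    """Return a reason string when the lineage matches the EK drop pattern."""
    if basename(parent) not in SUSPECT_PARENTS:
        return None
    if basename(image) in SCRIPT_HOSTS:
        return "script host launched by browser"
    if USER_WRITABLE.search(image):
        return f"binary in user-writable path spawned by {basename(parent)}"
    return None


def scan(events: str) -> List[Alert]:
    alerts = []
    for line in events.splitlines():
        fields = parse_event(line)
        image, parent = fields.get("Image", ""), fields.get("ParentImage", "")
        reason = is_suspicious(image, parent)
        if reason:
            alerts.append(Alert(image, parent, reason))
    return alerts
```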

Related: How to Remove CrypMIC Ransomware

What Is Domain Shadowing?

In short, domain shadowing is the process of compromising multiple domain registrant accounts in order to generate subdomains for malicious purposes. It is nothing new on the malicious horizon. Because the tactic is quite effective, malware operators employ it to bypass traditional defense mechanisms at the gateway, cloaking the ad traffic in an encrypted channel.

Since malvertising does not require any user interaction to infect your system, you should keep your computer fully up to date and uninstall unnecessary programs. Running an additional layer of protection, such as exploit mitigation software, ensures that drive-by download attacks leveraging zero-day vulnerabilities are also stopped.

A recent Digital Shadows report indicates that the exploit kit market is not that crowded anymore, and that malware operators don’t have much choice. That would also explain the high rate of attacks built on RIG.

The exploit kits still active today are RIG, Neutrino, Magnitude, Sundown, and Hunter.

Milena Dimitrova

An inspired writer, focused on user privacy and malicious software. Enjoys 'Mr. Robot' and fears '1984'.
