The Disdain Exploit Kit is a hacking utility that has recently been identified on the black markets and is possibly a modified version of an older threat. It is available in several versions depending on the rental period, and the price is adjusted to reflect the requested edition.
Disdain Exploit Kit Available on Hacker Markets
A new hacking tool has emerged on the underground hacking markets and is available for immediate purchase or rent. It is called the Disdain exploit kit and is pretty similar to other related tools. The experts who discovered it note that it is cheaper than popular competitors.
The Disdain Exploit Kit uses the typical client-server model to manage the infected hosts. Once a computer is compromised with an exploit controlled by the software, the machine is assigned a unique user ID (UUID), which allows the criminals to constantly monitor the status of the infected hosts.
It is being advertised as having the following features:
- Domain Rotator ‒ The exploit kit has the ability to embed several hacker-controlled domains which are rotated if one of them is shut down.
- RSA Key exchange for Exploits ‒ The exploit kit uses an asymmetric encryption algorithm that is used in enterprise solutions as well. A public and private key pair is used to set up the secure communications between the network host and the hacker C&C (command and control) servers.
- Untraceable Panel ‒ The administrative interface cannot be traced or accessed from the payload server itself.
- Geolocation ‒ The operators of the Disdain Exploit Kit have the ability to locate every victim based on the reported data. This gives them an estimate of each victim's geolocation, which is a serious privacy and security intrusion.
- Browser Tracking ‒ Victims of the Disdain exploit kit will find that their privacy has been seriously affected, as the hackers can take over sensitive information stored in their web browsers. Depending on the version and configuration of the attack, the most well-known applications can be targeted: Google Chrome, Mozilla Firefox, Opera, Microsoft Edge, Safari and Internet Explorer. The malware can extract sensitive data including form data, bookmarks, settings, passwords, account credentials and history.
- Domain Scanning ‒ Once it has infected a network host, the virus can scan other accessible machines and potentially infect them via the built-in exploits.
The Disdain Exploit Kit is advertised as having the ability to target software using the following vulnerabilities:
CVE-2017-5375 (Mozilla Firefox), CVE-2017-3823 (Cisco WebEx Extension), CVE-2017-0037 (Internet Explorer), CVE-2016-9078 (Mozilla Firefox), CVE-2016-7200 (Microsoft Edge and Internet Explorer), CVE-2016-4117 (Adobe Flash), CVE-2016-1019 (Adobe Flash), CVE-2016-0189 (Internet Explorer), CVE-2015-5119 (Adobe Flash), CVE-2015-2419 (Internet Explorer), CVE-2014-8636 (Mozilla Firefox), CVE-2014-6332 (Internet Explorer), CVE-2014-1510 (Mozilla Firefox), CVE-2013-2551 (Internet Explorer) and CVE-2013-1710 (Mozilla Firefox).
Disdain Exploit Kit Still Inactive
Depending on the purchased version, the Disdain Exploit Kit has a different price ‒ daily rent (80$), weekly (500$) or monthly (1400$).
According to the researcher David Montenegro, the exploit kit is sourced from the BEPS exploit kit, which is also referred to as Sundown. It is possible that these two names are renamed or slightly changed versions of the same malware threat. Security researchers uncovered a leak of the source code back in February 2017 on AlphaBay. The code was offered for sale, and it is likely that the Disdain Exploit Kit has been sourced from this event.
At the moment no major attack campaigns have been detected with it. This is probably due to the reputation of the criminal who has advertised the malware. He/She uses the nickname “Cehceny” and has been banned from several black hat communities because of their reputation as a scammer. It is very likely that the statements released by the experts are true and Disdain is simply a slightly modified version of Sundown or another exploit kit.
Computer users can protect themselves from possible intrusions by always updating all software to their latest versions. A capable anti-spyware solution can effectively remove identified infections with a few mouse clicks.