
RIG Exploit Kit Delivers Malware to Visitors of

Users who visited the music news website two weeks ago without the latest patches installed may have fallen victim to a drive-by download attack delivered through the RIG exploit kit. As soon as the exploit kit finds a vulnerable Flash Player, Java or Silverlight plug-in, it exploits the flaw to download malware onto the compromised machine. Researchers at Symantec have so far detected two malware families: Dyre and the Zeus Trojan.

Exploiting Unpatched Vulnerabilities

Dyre has been used in several malicious attacks so far. In most campaigns, the Trojan is delivered via scam emails. Dyre’s ability to steal banking credentials and block browser communications with websites of financial institutions makes it rather appealing to cyber criminals.

Reportedly, the malicious campaign was first detected on October 27. Researchers do not know how long the malicious code has been around or how many victims it may have claimed. According to the Symantec report, the majority of the targeted users were located in the US. The exploit kit leverages several flaws, some of which help the malware evade detection on certain systems.

The kit exploits two security vulnerabilities in Internet Explorer and several flaws in older (2013 and 2012), unpatched versions of Flash Player, Java and Silverlight. Basically, the victims of such a campaign are users who do not update their software on a regular basis.

Malicious Iframe Not to Be Found in the Website’s Code

The website hosting the RIG exploit kit was heavily obfuscated. Before it actually starts exploiting flaws in browser plug-ins, RIG scans for antivirus programs. If no security products are found, the malicious campaign continues. The payload delivered is either Dyre or a variant of the ZeuS Trojan. Either way, the crooks use an XOR cipher to bypass detection.
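A single-byte XOR cipher of the kind described above hides a payload from naive signature matching, but it is also easy for an analyst to undo, because every plaintext byte maps to exactly one ciphertext byte under the same key. The following is an added example, not code from the article or the Symantec report: it brute-forces the key of a captured blob by checking for the PE `MZ` magic and the DOS stub text, and the sample payload is constructed inline.

```python
"""Recover a single-byte-XOR-obfuscated Windows executable from a captured blob.

Constructed example: a fake "payload" that starts with the PE magic 'MZ' and
the standard DOS stub text is XORed with a one-byte key, the way a simple
dropper might obfuscate it on disk or on the wire, and the key is recovered.
"""
from typing import Optional, Tuple

MZ_MAGIC = b"MZ"
DOS_STUB = b"This program cannot be run in DOS mode"


def xor_bytes(data: bytes, key: int) -> bytes:
    """Apply a single-byte XOR key (encoding and decoding are the same op)."""
    return bytes(b ^ key for b in data)


def recover_xor_payload(blob: bytes) -> Optional[Tuple[int, bytes]]:
    """Return (key, decoded) if blob is a single-byte-XORed PE file, else None.

    Heuristic: try all 256 keys; accept a key only if the decoded data starts
    with 'MZ' AND the DOS stub text appears within the first 512 bytes, which
    keeps random data from matching on the two magic bytes alone. Key 0 is
    reported too, meaning the blob was already an unobfuscated PE.
    """
    if len(blob) < len(MZ_MAGIC):
        return None
    for key in range(256):
        # Cheap filter first: does the header decode to 'MZ' under this key?
        if xor_bytes(blob[:2], key) != MZ_MAGIC:
            continue
        decoded = xor_bytes(blob, key)
        if DOS_STUB in decoded[:512]:
            return key, decoded
    return None


# Constructed sample: minimal fake PE header followed by the DOS stub text.
SAMPLE_PE = MZ_MAGIC + b"\x90\x00" * 30 + DOS_STUB + b"\x00" * 16
CAPTURED_BLOB = xor_bytes(SAMPLE_PE, 0x5A)  # what a defender would capture

if __name__ == "__main__":
    result = recover_xor_payload(CAPTURED_BLOB)
    if result is None:
        print("no single-byte XOR PE found")
    else:
        key, payload = result
        print(f"XOR key 0x{key:02x}; payload starts with {payload[:2]!r}")
```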

The RIG exploit kit was also used in a recent campaign in which infected computers were connecting to Drupal websites compromised through the SQL injection flaw. In those cases, researchers observed the same pattern of checking for security products before the payload is downloaded.

The malicious code has since been removed from the news site, and the website is now safe to use.


Berta Bilbao

Berta is a dedicated malware researcher, dreaming of a more secure cyberspace. Her fascination with IT security began a few years ago, when a piece of malware locked her out of her own computer.
